CVE-2025-9296 | Emlog Pro up to 2.5.18 blogger.php?action=update_avatar image unrestricted upload

Inserito da Angelo Barbosa | Ago 21, 2025 | CVE

A vulnerability was found in Emlog Pro up to 2.5.18. It has been declared as critical. This affects an unknown function of the file /admin/blogger.php?action=update_avatar. Such manipulation of the argument image leads to unrestricted upload.

This vulnerability is referenced as CVE-2025-9296. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-9296 | Emlog Pro up to 2.5.18 blogger.php?action=update_avatar image unrestricted upload

Post correlati

CVE-2025-6529 | 70mai M300 up to 20250611 Telnet Service default credentials

CVE-2024-2886 | Google Chrome prior 123.0.6312.86 WebCodecs use after free

CVE-2024-3356 | SourceCodester Aplaya Beach Resort Online Reservation System 1.0 controller.php type sql injection

CVE-2025-0918 | yaycommerce SMTP for SendGrid Plugin up to 1.3.1 on WordPress cross site scripting