CVE-2026-34787 | Emlog up to 2.6.2 admin/plugin.php require_once plugin filename control (GHSA-7mvq-qj5x-5phm)

Inserito da Angelo Barbosa | Apr 4, 2026 | CVE

A vulnerability classified as problematic has been found in Emlog up to 2.6.2. This issue affects the function require_once of the file admin/plugin.php. This manipulation of the argument plugin causes improper control of filename for include/require statement in php program (‘php remote file inclusion’).

The identification of this vulnerability is CVE-2026-34787. It is possible to initiate the attack remotely. There is no exploit available.

CVE-2026-34787 | Emlog up to 2.6.2 admin/plugin.php require_once plugin filename control (GHSA-7mvq-qj5x-5phm)

Post correlati

CVE-2024-4144 | Simple Basic Contact Form Plugin up to 20240502 on WordPress Shortcode Remote Code Execution

CVE-2024-9093 | SourceCodester Profile Registration without Reload Refresh 1.0 GET Parameter del.php list sql injection

CVE-2025-2824 | IBM Operational Decision Manager 8.11.0.1/8.11.1.0/8.12.0.1/9.0.0.1/9.5.0 redirect

CVE-2025-11615 | SourceCodester Best Salon Management System 1.0 /panel/add_invoice.php ServiceId sql injection