SB2026040952 - Improper input validation in Emlog Pro
Published: April 9, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Improper input validation (CVE-ID: CVE-2025-47787)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to improper input validation in /admin/store.php when downloading and installing remotely supplied ZIP plugin files. A remote user can send a specially crafted request with a malicious plugin archive URL to execute arbitrary code.
The issue occurs in the plugin installation functionality and requires access to initiate the remote plugin download request.
Remediation
Install the update from the vendor's website.
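For reviewers of plugin installers that fetch remote ZIP files, the following added example (not Emlog Pro code and not the vendor's fix) shows two checks of the kind the description implies are missing: validating the archive URL before download and rejecting archives whose entries fall outside the plugin's own directory. The host name, function names and directory layout are assumptions made for illustration.

```php
<?php
// Added example, not Emlog Pro code. Requires ext-zip.
const TRUSTED_HOSTS = ['store.example.com']; // assumption: placeholder store host

// Accept only https URLs on a trusted host whose path ends in .zip; no credentials or custom port.
function is_trusted_archive_url(string $url): bool
{
    $p = parse_url($url);
    if (!is_array($p) || !isset($p['scheme'], $p['host'], $p['path'])) {
        return false;
    }
    if (strtolower($p['scheme']) !== 'https' || isset($p['user']) || isset($p['pass']) || isset($p['port'])) {
        return false;
    }
    if (!in_array(strtolower($p['host']), TRUSTED_HOSTS, true)) {
        return false;
    }
    return preg_match('#^/[A-Za-z0-9_/-]+\.zip\z#', $p['path']) === 1;
}

// Return entry names that would land outside "<pluginDir>/" when extracted.
function entries_outside_plugin_dir(string $zipPath, string $pluginDir): array
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        throw new RuntimeException('not a readable ZIP archive');
    }
    $bad = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = str_replace('\\', '/', (string) $zip->getNameIndex($i));
        $hasDotDot = preg_match('#(^|/)\.\.(/|\z)#', $name) === 1;
        if ($hasDotDot || strpos($name, $pluginDir . '/') !== 0) {
            $bad[] = $name;
        }
    }
    $zip->close();
    return $bad;
}

// Constructed sample input: one acceptable URL, two rejected ones, and a small archive.
foreach (['https://store.example.com/plugins/demo.zip', 'http://store.example.com/plugins/demo.zip', 'https://198.51.100.7/demo.zip'] as $u) {
    printf("%-45s %s\n", $u, is_trusted_archive_url($u) ? 'accept' : 'reject');
}
$tmp = tempnam(sys_get_temp_dir(), 'plg');
$z = new ZipArchive();
$z->open($tmp, ZipArchive::CREATE | ZipArchive::OVERWRITE);
$z->addFromString('demo/demo.php', '<?php // plugin entry point');
$z->addFromString('index.php', '<?php // lands outside the plugin directory');
$z->close();
print_r(entries_outside_plugin_dir($tmp, 'demo'));
unlink($tmp);
```

An installer would run the URL check before any network request and the entry check before extraction, refusing the install if either fails.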