SB2026040952 - Improper input validation in Emlog Pro




Published: April 9, 2026

Security Bulletin ID: SB2026040952
CSH Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Medium: 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Improper input validation (CVE-ID: CVE-2025-47787)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to execute arbitrary code.

The vulnerability exists due to improper input validation in /admin/store.php when downloading and installing remotely supplied ZIP plugin files. A remote user can send a specially crafted request with a malicious plugin archive URL to execute arbitrary code.

The issue occurs in the plugin installation functionality and requires access to initiate the remote plugin download request.
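
For sites that cannot patch immediately, one way to look for the request pattern described above is to scan web server access logs for /admin/store.php requests that carry a URL on a host you do not expect. This is an added example, not code from the vendor or from this bulletin; the allowlisted host, the parameter name in the sample lines and the log lines themselves are constructed placeholders.

```python
import re
from urllib.parse import parse_qsl, urlsplit

STORE_PATH = "/admin/store.php"            # endpoint named in the bulletin
TRUSTED_HOSTS = {"store.example.invalid"}  # assumption: placeholder allowlist

# Common/combined log format: client, timestamp, request line, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})')

def remote_urls(target):
    """Return (url, host) for each query-string value that is an http(s) URL."""
    urls = []
    for _name, value in parse_qsl(urlsplit(target).query):
        try:
            parts = urlsplit(value)
        except ValueError:  # malformed value, e.g. a broken IPv6 literal
            continue
        if parts.scheme in ("http", "https") and parts.hostname:
            urls.append((value, parts.hostname))
    return urls

def suspicious_store_requests(lines):
    """Flag store.php requests that carry a URL on a non-allowlisted host.

    Only the query string is inspected; URLs sent in a POST body do not
    appear in access logs and need application or proxy logging instead.
    """
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        try:
            if urlsplit(target).path != STORE_PATH:
                continue
            found = remote_urls(target)
        except ValueError:
            continue
        hits += [(client, url, int(status))
                 for url, host in found if host not in TRUSTED_HOSTS]
    return hits

# Constructed sample lines; the parameter name "src" is a placeholder.
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Apr/2026:10:01:02 +0000] "GET /admin/store.php?src=https%3A%2F%2Ffiles.example.net%2Fp.zip HTTP/1.1" 200 512',
    '198.51.100.4 - - [09/Apr/2026:10:02:10 +0000] "GET /admin/store.php?src=https%3A%2F%2Fstore.example.invalid%2Fgood.zip HTTP/1.1" 200 498',
    '198.51.100.4 - - [09/Apr/2026:10:03:00 +0000] "GET /admin/plugin.php HTTP/1.1" 200 1200',
]
```

Each hit is a (client address, requested URL, HTTP status) tuple; replace TRUSTED_HOSTS with the hosts your installation is expected to download plugins from.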


Remediation

Install the update from the vendor's website.