CVE-2025-29405

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-29405

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-29405.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-29405

Published

2025-03-19T18:15:25Z

Modified

2025-06-13T18:00:31.410805Z

Summary

[none]

Details

An arbitrary file upload vulnerability in the component /admin/template.php of emlog pro 2.5.0 and pro 2.5.* allows attackers to execute arbitrary code via uploading a crafted PHP file.

References

https://github.com/bGl1o/emlogpro/blob/main/emlog%20pro2.5.7-getshell-2.md
https://gist.github.com/bGl1o/19a141ee6e899884fa85f3a52898bcc6

Affected packages

Git / github.com/emlog/emlog

Affected ranges

Type: GIT
Repo: https://github.com/emlog/emlog
Events: Introduced

3452df6ec972fb0d59532dbf717a52b8d0d645cd

Last affected

e169ef8e263d19cb6829ebf10a526b26dde67d76

Affected versions

pro-2.*

pro-2.5.1

pro-2.5.2

pro-2.5.3

pro-2.5.4

pro-2.5.5

pro-2.5.6

pro-2.5.7