CVE-2025-30372

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-30372
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-30372.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-30372
Aliases
  • GHSA-w6xc-r6x5-m77c
Published
2025-03-28T14:51:41.664Z
Modified
2025-12-05T08:54:31.063157Z
Severity
  • 7.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
Summary
Emlog Pro contains an SQL injection vulnerability.
Details

Emlog is an open source website building system. Emlog Pro versions pro-2.5.7 and pro-2.5.8 contain an SQL injection vulnerability. search_controller.php does not call addslashes after urldecode, so the preceding addslashes can be bypassed by URL double encoding. This could result in leakage of sensitive information from the user database. Version pro-2.5.9 fixes the issue.
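
The ordering problem described above, shown as an added example that is not Emlog's code. The function names and the sample value are hypothetical; only the addslashes/urldecode order and the double encoding come from the advisory.

```php
<?php
// Added illustration; not taken from search_controller.php.
// All function names and the sample value below are hypothetical.

// Order the advisory describes: escape first, decode afterwards.
function keyword_escape_then_decode(string $param): string
{
    $escaped = addslashes($param);  // the quote is still percent-encoded here
    return urldecode($escaped);     // the later decode turns it into a bare quote
}

// Corrected order: decode completely, then escape the final value.
function keyword_decode_then_escape(string $param): string
{
    return addslashes(urldecode($param));
}

// True when a single quote is present that no backslash escapes.
function has_unescaped_quote(string $s): bool
{
    // Drop every backslash-escaped character, then look for a leftover quote.
    $rest = preg_replace('/\\\\./s', '', $s);
    return strpos($rest, "'") !== false;
}

// Constructed sample: a surname with an apostrophe, percent-encoded twice.
// PHP decodes query-string values once before the script sees them,
// so that first decode is simulated here.
$onTheWire = 'O%2527Brien';
$param = urldecode($onTheWire);

foreach (['keyword_escape_then_decode', 'keyword_decode_then_escape'] as $fn) {
    $value = $fn($param);
    printf(
        "%-28s %-12s unescaped quote: %s\n",
        $fn,
        $value,
        has_unescaped_quote($value) ? 'yes' : 'no'
    );
}
```

A prepared statement with a bound parameter removes the dependence on escaping order altogether, because the decoded value never becomes part of the SQL text.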

Database specific
{
    "cwe_ids": [
        "CWE-89"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/30xxx/CVE-2025-30372.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/emlog/emlog

Affected ranges

Type
GIT
Repo
https://github.com/emlog/emlog
Events

Affected versions

pro-2.*

pro-2.5.7
pro-2.5.8

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-30372.json"