CVE-2025-47785

{"id": "CVE-2025-47785", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 2.8}]}, "published": "2025-05-15T20:16:08.947", "references": [{"url": "https://github.com/emlog/emlog/security/advisories/GHSA-939m-47f7-m559", "source": "security-advisories@github.com"}, {"url": "https://github.com/emlog/emlog/security/advisories/GHSA-939m-47f7-m559", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Emlog is an open source website building system. In versions up to and including 2.5.9, SQL injection occurs because the $origContent parameter in admin/article_save.php is not strictly filtered. Since admin/article_save.php can be accessed by ordinary registered users, this will cause SQL injection to occur when the registered site is enabled, resulting in the injection of the admin account and password, which is then exploited by the backend remote code execution. As of time of publication, it is unknown whether a fix exists."}, {"lang": "es", "value": "Emlog es un sistema de creaci\u00f3n de sitios web de c\u00f3digo abierto. En versiones anteriores a la 2.5.9, se produce una inyecci\u00f3n SQL porque el par\u00e1metro $origContent en admin/article_save.php no est\u00e1 estrictamente filtrado. Dado que los usuarios registrados pueden acceder a admin/article_save.php, esto provocar\u00e1 una inyecci\u00f3n SQL al habilitar el sitio registrado, lo que resulta en la inyecci\u00f3n de la cuenta y contrase\u00f1a del administrador, que posteriormente es explotada por la ejecuci\u00f3n remota de c\u00f3digo del backend. Al momento de la publicaci\u00f3n, se desconoce si existe una soluci\u00f3n."}], "lastModified": "2025-05-19T15:15:24.900", "sourceIdentifier": "security-advisories@github.com"}