MEDIUM Severity
CVE-2025-5119
Emlog Pro 2.5.11 SQL Injection Vulnerability
Overview
A critical vulnerability was discovered in Emlog Pro 2.5.11. It affects unspecified code in the file /include/controller/api_controller.php. Manipulating the tag argument can lead to SQL injection.
Technical Details
The critical bug found in Emlog Pro 2.5.11 can lead to SQL injection through manipulation of the tag argument. The attack can be initiated remotely and has been publicly disclosed.
CVSS Metrics
- CVSS Version: 4.0
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: NONE
- Confidentiality Impact: LOW
- Integrity Impact: LOW
- Availability Impact: LOW
Impact
This vulnerability can potentially allow an attacker to execute arbitrary SQL commands against the database, posing a high risk to data confidentiality and integrity.
Recommendations
To defend against this vulnerability, it is recommended to update to a non-vulnerable version of Emlog Pro or apply appropriate patches as soon as they become available.
Threat Metrics
- CVSS Score: 7.3
- Severity: MEDIUM
- Attack Vector: NETWORK
- Attack Complexity: LOW