Emlog - Path Disclosure (CVE-2021-3293)

Name: Emlog - Path Disclosure (CVE-2021-3293)
Published: 2022-08-17T00:00:00.000Z

Severity
CVE: CVE-2021-3293
CVSSv3 Score: 7.5
Exploitable with Sniper: No
Vulnerability description: Emlog is affected by a Path Disclosure vulnerability, located in the v5.3.1 version. The root cause of this vulnerability is the warning message displayed by the addslashes() PHP function, when receiving an incorrect parameter, which discloses the path to the webroot/file.
Risk description: The risk exists that a remote unauthenticated attacker can see the path to the webroot/file.
Recommendation: Upgrade Emlog to the latest version.
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3293
Detectable with: Network Scanner
Vuln date: Feb 2021
Published at: Aug 2022
Updated at: Aug 2022
Software Type: CMS
Vendor: Emlog
Product: Emlog
Codename: Not available