CVE Catalog

CVE-2026-42287

Critical
Published: Translated: NVD NIST

Summary

Emlog is an open source website building system. Prior to version 2.6.11, direct SQL injection in article creation and update functions allowed attackers to execute arbitrary SQL commands.

Risk Assessment

This vulnerability could lead to complete database compromise, data theft, or system destruction, posing a serious threat to organizations.

Recommendation

It is recommended to upgrade to version 2.6.11 or later to mitigate this vulnerability.

Original NVD description (English source)

Emlog is an open source website building system. Prior to version 2.6.11, direct SQL injection in article creation and update functions allows attackers to execute arbitrary SQL commands, potentially leading to complete database compromise, data theft, or system destruction. This issue has been patched in version 2.6.11.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS