Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-46540

A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before v2.3.15 allows attackers to use remote file downloads and self-extract fucntions to upload webshells to the target server, thereby obtaining system privileges.

Published

2024-09-30T17:15:04.550

Last Modified

2025-06-17T15:57:20.630

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-266

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	emlog	emlog	< 2.3.15	Yes

References

https://gist.github.com/microvorld/1c1ef9c3390a5d88a5ede9f9424a8bd2 Third Party Advisory ([email protected])
https://github.com/emlog/emlog Product ([email protected])
https://github.com/microvorld/CVE-2024/blob/main/emlog.md Exploit, Third Party Advisory ([email protected])