CVE-2026-41517

Published: Mag 09, 2026 Last Modified: Mag 09, 2026

ExploitDB:

Other exploit source:

Google Dorks:

Description

AI Translation Available

Emlog is an open source website building system. Prior to version 2.6.11, insecure plugin upload functionality allows attackers to upload and execute arbitrary PHP code, leading to complete server compromise and persistent backdoor installation. This issue has been patched in version 2.6.11.

434

Unrestricted Upload of File with Dangerous Type

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability

Potential Impacts:

Execute Unauthorized Code Or Commands

Applicable Platforms

Languages: ASP.NET, Not Language-Specific, PHP

Technologies: AI/ML, Web Server

Likelihood of Exploit: Medium

View CWE Details

https://github.com/emlog/emlog/security/advisories/GHSA-8qw…

https://github.com/emlog/emlog/security/advisories/GHSA-8qwx-6jx6-94x4

CVE-2026-41517

Description

Unrestricted Upload of File with Dangerous Type

Common Consequences

Applicable Platforms

Iscriviti alla newsletter