Untriaged
Permalink
CVE-2026-31954
0.0 NONE
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): NONE
Emlog asynchronous media file deletion missing CSRF protection
Emlog is an open source website building system. In 2.6.6 and earlier, the delete_async action (asynchronous delete) lacks a call to LoginAuth::checkToken(), enabling CSRF attacks.
References
- https://github.com/emlog/emlog/security/advisories/GHSA-xc26-93qj-rcrw x_refsource_CONFIRM
Affected products
emlog
- ==<= 2.6.6
Matching in nixpkgs
pkgs.libsForQt5.ksystemlog
System log viewer
pkgs.kdePackages.ksystemlog
KDE SystemLog Application
pkgs.plasma5Packages.ksystemlog
System log viewer
Package maintainers
-
@FRidh Frederik Rietdijk <fridh@fridh.nl>
-
@K900 Ilya K. <me@0upti.me>
-
@peterhoeg Peter Hoeg <peter@hoeg.com>
-
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
-
@nyanloutre Paul Trehiou <paul@nyanlout.re>
-
@mjm Matt Moriarity <matt@mattmoriarity.com>
-
@NickCao Nick Cao <nickcao@nichi.co>
-
@SCOTT-HAMILTON Scott Hamilton <sgn.hamilton@protonmail.com>
-
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
-
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
-
@bkchr Bastian Köcher <nixos@kchr.de>