This finding has been verified with emlog version 1.6.1. emlog is a CMS developed using the Django framework. It is currently maintained by the emlog team. The latest official release of emlog is version 2.2.2. To verify whether an installation of emlog is vulnerable to any issues, it is recommended to patch the software. The recommended patch information is provided below to fix the security issue.

emlog version and patch information

Latest release:
emlog version 2.2.2
PATCH IT:
pip install jinja2==2.10
pip install django==1.7
pip install django-compressor==0.9.6

Step 1: Remove emlog from WordPress

To patch the software, you will need to remove emlog from your WordPress installation. Note that this step is only necessary for sites with a working installation of WordPress and does not apply to websites that do not use WordPress as their CMS.

References:

1. https://github.com/emlog/emlog
2. CVE-2022-3968
3. http://www.kb.cert.org/vuls/id/193460
4. https://www.symantec.com/security_response/securityupdates

Timeline

Published on: 11/13/2022 08:15:00 UTC
Last modified on: 11/17/2022 20:34:00 UTC