Nixpkgs security tracker
Untriaged
Permalink
CVE-2026-34788
6.5 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): HIGH
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): NONE
Emlog: SQL Injection in tag_model::updateTagName() via unsanitized parameters
Emlog is an open source website building system. In versions 2.6.2 and prior, a SQL injection vulnerability exists in include/model/tag_model.php at line 168. The updateTagName() function directly interpolates user input into the SQL query string without using parameterized queries or proper escaping ($this->db->escape_string()), making it vulnerable to SQL injection attacks. At time of publication, there are no publicly available patches.
References
-
https://github.com/emlog/emlog/security/advisories/GHSA-32mg-33qq-p3gf x_refsource_CONFIRM
Affected products
emlog
- ==<= 2.6.2
Matching in nixpkgs
pkgs.libsForQt5.ksystemlog
System log viewer
pkgs.kdePackages.ksystemlog
KDE SystemLog Application
pkgs.plasma5Packages.ksystemlog
System log viewer
Package maintainers
-
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
-
@K900 Ilya K. <me@0upti.me>
-
@NickCao Nick Cao <nickcao@nichi.co>
-
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
-
@mjm Matt Moriarity <matt@mattmoriarity.com>
-
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
-
@peterhoeg Peter Hoeg <peter@hoeg.com>