Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

ELOG < 2.6.2 Multiple Vulnerabilities



The remote host is vulnerable to multiple attack vectors.


The remote host appears to be using ELOG, a web-based electronic logbook application. The version of ELOG installed on the remote host fails to filter directory traversal strings before processing GET requests. An attacker can exploit this issue to retrieve the contents of arbitrary files from the remote host, subject to the privileges under which ELOG runs. In addition, the application is reportedly affected by a format string vulnerability in the 'write_logfile'. Provided logging is enabled, an attacker may be able to exploit this via the 'uname' parameter of the login form to crash the application or execute arbitrary code remotely.


Upgrade to version 2.6.2 or higher.