emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an malicious user to see the path to the webroot/file.
emlog emlog 5.3.1