Deserialization of Untrusted Data in emlog pro v.2.1.15 and previous versions allows a remote malicious user to execute arbitrary code via the cache.php component.
emlog emlog