Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phome empirecms 7.5 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-22937
A remote code execution (RCE) in e/install/index.php of EmpireCMS 7.5 allows malicious users to execute arbitrary PHP code via writing malicious code to the install file.
Phome Empirecms 7.5
7.5
CVSSv2
CVE-2018-18869
EmpireCMS V7.5 allows remote malicious users to upload and execute arbitrary code via ..%2F directory traversal in a .php filename in the upload/e/admin/ecmscom.php path parameter.
Phome Empirecms 7.5
NA
CVE-2023-50162
SQL injection vulnerability in EmpireCMS v7.5, allows remote malicious users to execute arbitrary code and obtain sensitive information via the DoExecSql function.
Phome Empirecms 7.5
7.5
CVSSv2
CVE-2022-28585
EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php
Phome Empirecms 7.5
7.5
CVSSv2
CVE-2018-20300
Empire CMS 7.5 allows remote malicious users to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm action because this code is injected into a memberform.$fid.php file.
Phome Empirecms 7.5
6.5
CVSSv2
CVE-2018-18086
EmpireCMS v7.5 has an arbitrary file upload vulnerability in the LoadInMod function in e/class/moddofun.php, exploitable by logged-in users.
Phome Empirecms 7.5
6.8
CVSSv2
CVE-2018-18449
EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUser action to e/admin/user/ListUser.php, a similar issue to CVE-2018-16339.
Phome Empirecms 7.5
3.5
CVSSv2
CVE-2018-19461
admin\db\DoSql.php in EmpireCMS up to and including 7.5 allows XSS via crafted SQL syntax to admin/admin.php.
Phome Empirecms
6.5
CVSSv2
CVE-2018-19462
admin\db\DoSql.php in EmpireCMS up to and including 7.5 allows remote malicious users to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php.
Phome Empirecms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started