Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phome empirecms vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2018-6881
EmpireCMS 6.6 allows remote malicious users to discover the full path via an array value for a parameter to admin/tool/ShowPic.php.
Dedecms Dedecms 5.7
Phome Empirecms 6.6
Phome Empirecms 7.0
Phome Empirecms 7.2
312
VMScore
CVE-2018-19461
admin\db\DoSql.php in EmpireCMS up to and including 7.5 allows XSS via crafted SQL syntax to admin/admin.php.
Phome Empirecms
578
VMScore
CVE-2018-19462
admin\db\DoSql.php in EmpireCMS up to and including 7.5 allows remote malicious users to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php.
Phome Empirecms
445
VMScore
CVE-2018-6880
EmpireCMS 6.6 up to and including 7.2 allows remote malicious users to discover the full path via an array value for a parameter to class/connect.php.
Phome Empirecms
NA
CVE-2023-50162
SQL injection vulnerability in EmpireCMS v7.5, allows remote malicious users to execute arbitrary code and obtain sensitive information via the DoExecSql function.
Phome Empirecms 7.5
668
VMScore
CVE-2020-22937
A remote code execution (RCE) in e/install/index.php of EmpireCMS 7.5 allows malicious users to execute arbitrary PHP code via writing malicious code to the install file.
Phome Empirecms 7.5
383
VMScore
CVE-2019-12362
EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php.
Phome Empirecms 7.5.0
605
VMScore
CVE-2018-16339
An issue exists in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser.
Phome Empirecms 7.0
605
VMScore
CVE-2018-18449
EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUser action to e/admin/user/ListUser.php, a similar issue to CVE-2018-16339.
Phome Empirecms 7.5
668
VMScore
CVE-2018-18869
EmpireCMS V7.5 allows remote malicious users to upload and execute arbitrary code via ..%2F directory traversal in a .php filename in the upload/e/admin/ecmscom.php path parameter.
Phome Empirecms 7.5
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »