Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phome vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2018-6881
EmpireCMS 6.6 allows remote malicious users to discover the full path via an array value for a parameter to admin/tool/ShowPic.php.
Dedecms Dedecms 5.7
Phome Empirecms 6.6
Phome Empirecms 7.0
Phome Empirecms 7.2
755
VMScore
CVE-2009-2269
SQL injection vulnerability in Empire CMS 5.1 allows remote malicious users to execute arbitrary SQL commands via the bid parameter to the default URI under e/tool/gbook/.
Phome Empire Phome Empire Cms 5.1
1 EDB exploit
755
VMScore
CVE-2006-4354
PHP remote file inclusion vulnerability in e/class/CheckLevel.php in Phome Empire CMS 3.7 and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the check_path parameter.
Phome Empire Phome Empire Cms 3.7
1 EDB exploit
312
VMScore
CVE-2018-19461
admin\db\DoSql.php in EmpireCMS up to and including 7.5 allows XSS via crafted SQL syntax to admin/admin.php.
Phome Empirecms
578
VMScore
CVE-2018-19462
admin\db\DoSql.php in EmpireCMS up to and including 7.5 allows remote malicious users to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php.
Phome Empirecms
445
VMScore
CVE-2018-6880
EmpireCMS 6.6 up to and including 7.2 allows remote malicious users to discover the full path via an array value for a parameter to class/connect.php.
Phome Empirecms
605
VMScore
CVE-2018-18449
EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUser action to e/admin/user/ListUser.php, a similar issue to CVE-2018-16339.
Phome Empirecms 7.5
605
VMScore
CVE-2012-5777
Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote malicious users to execute arbitrary PHP code via a crafted template.
Phome Empirecms 6.6
605
VMScore
CVE-2018-16339
An issue exists in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser.
Phome Empirecms 7.0
383
VMScore
CVE-2019-12362
EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php.
Phome Empirecms 7.5.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »