Vulmon
phome empirecms vulnerabilities and exploits
5.3
CVSSv3
CVE-2018-6881
EmpireCMS 6.6 allows remote malicious users to discover the full path via an array value for a parameter to admin/tool/ShowPic.php.
Phome Empirecms 6.6
Phome Empirecms 7.0
Phome Empirecms 7.2
Dedecms Dedecms 5.7
5.3
CVSSv3
CVE-2018-6880
EmpireCMS 6.6 up to and including 7.2 allows remote malicious users to discover the full path via an array value for a parameter to class/connect.php.
Phome Empirecms
4.8
CVSSv3
CVE-2018-19461
admin\db\DoSql.php in EmpireCMS up to and including 7.5 allows XSS via crafted SQL syntax to admin/admin.php.
Phome Empirecms
7.2
CVSSv3
CVE-2018-19462
admin\db\DoSql.php in EmpireCMS up to and including 7.5 allows remote malicious users to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php.
Phome Empirecms
9.8
CVSSv3
CVE-2022-28585
EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php.
Phome Empirecms 7.5
8.8
CVSSv3
CVE-2018-16339
An issue exists in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser.
Phome Empirecms 7.0
9.8
CVSSv3
CVE-2020-22937
A remote code execution (RCE) in e/install/index.php of EmpireCMS 7.5 allows malicious users to execute arbitrary PHP code via writing malicious code to the install file.
Phome Empirecms 7.5
9.8
CVSSv3
CVE-2018-20300
Empire CMS 7.5 allows remote malicious users to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm action because this code is injected into a memberform.$fid.php file.
Phome Empirecms 7.5
9.8
CVSSv3
CVE-2018-18869
EmpireCMS V7.5 allows remote malicious users to upload and execute arbitrary code via ..%2F directory traversal in a .php filename in the upload/e/admin/ecmscom.php path parameter.
Phome Empirecms 7.5
7.2
CVSSv3
CVE-2023-50162
SQL injection vulnerability in EmpireCMS v7.5, allows remote malicious users to execute arbitrary code and obtain sensitive information via the DoExecSql function.
Phome Empirecms 7.5