Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phome empirecms vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-12361
EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynamic page template. The attacker can choose to resend the e/template/member/regsend.php registered activation mail page.
Phome Empirecms 7.5.0
6.1
CVSSv3
CVE-2019-12362
EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php.
Phome Empirecms 7.5.0
9.8
CVSSv3
CVE-2020-22937
A remote code execution (RCE) in e/install/index.php of EmpireCMS 7.5 allows malicious users to execute arbitrary PHP code via writing malicious code to the install file.
Phome Empirecms 7.5
9.8
CVSSv3
CVE-2018-18869
EmpireCMS V7.5 allows remote malicious users to upload and execute arbitrary code via ..%2F directory traversal in a .php filename in the upload/e/admin/ecmscom.php path parameter.
Phome Empirecms 7.5
8.8
CVSSv3
CVE-2018-16339
An issue exists in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser.
Phome Empirecms 7.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673
CVE-2024-36674
CVE-2024-27348
unspecified
CVE-2024-24919
CVE-2024-4870
malicious code
CVE-2024-2019
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2