Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
empirecms vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2018-6881
EmpireCMS 6.6 allows remote malicious users to discover the full path via an array value for a parameter to admin/tool/ShowPic.php.
Dedecms Dedecms 5.7
Phome Empirecms 6.6
Phome Empirecms 7.0
Phome Empirecms 7.2
5.3
CVSSv3
CVE-2018-6880
EmpireCMS 6.6 up to and including 7.2 allows remote malicious users to discover the full path via an array value for a parameter to class/connect.php.
Phome Empirecms
4.8
CVSSv3
CVE-2018-19461
admin\db\DoSql.php in EmpireCMS up to and including 7.5 allows XSS via crafted SQL syntax to admin/admin.php.
Phome Empirecms
7.2
CVSSv3
CVE-2018-19462
admin\db\DoSql.php in EmpireCMS up to and including 7.5 allows remote malicious users to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php.
Phome Empirecms
9.8
CVSSv3
CVE-2018-20300
Empire CMS 7.5 allows remote malicious users to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm action because this code is injected into a memberform.$fid.php file.
Phome Empirecms 7.5
8.8
CVSSv3
CVE-2018-18449
EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUser action to e/admin/user/ListUser.php, a similar issue to CVE-2018-16339.
Phome Empirecms 7.5
8.8
CVSSv3
CVE-2018-16339
An issue exists in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser.
Phome Empirecms 7.0
9.8
CVSSv3
CVE-2022-28585
EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php
Phome Empirecms 7.5
9.8
CVSSv3
CVE-2023-50073
EmpireCMS v7.5 exists to contain a SQL injection vulnerability via the ftppassword parameter at SetEnews.php.
Leadscloud Empirecms 7.5
7.2
CVSSv3
CVE-2023-50162
SQL injection vulnerability in EmpireCMS v7.5, allows remote malicious users to execute arbitrary code and obtain sensitive information via the DoExecSql function.
Phome Empirecms 7.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977
IMAP
local users
CVE-2024-32038
CVE-2023-49963
CVE-2023-22869
CVE-2024-31497
local
CVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »