Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
empirecms vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2018-6881
EmpireCMS 6.6 allows remote malicious users to discover the full path via an array value for a parameter to admin/tool/ShowPic.php.
Dedecms Dedecms 5.7
Phome Empirecms 6.6
Phome Empirecms 7.0
Phome Empirecms 7.2
5.3
CVSSv3
CVE-2018-6880
EmpireCMS 6.6 up to and including 7.2 allows remote malicious users to discover the full path via an array value for a parameter to class/connect.php.
Phome Empirecms
4.8
CVSSv3
CVE-2018-19461
admin\db\DoSql.php in EmpireCMS up to and including 7.5 allows XSS via crafted SQL syntax to admin/admin.php.
Phome Empirecms
7.2
CVSSv3
CVE-2018-19462
admin\db\DoSql.php in EmpireCMS up to and including 7.5 allows remote malicious users to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php.
Phome Empirecms
9.8
CVSSv3
CVE-2018-20300
Empire CMS 7.5 allows remote malicious users to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm action because this code is injected into a memberform.$fid.php file.
Phome Empirecms 7.5
9.8
CVSSv3
CVE-2018-18869
EmpireCMS V7.5 allows remote malicious users to upload and execute arbitrary code via ..%2F directory traversal in a .php filename in the upload/e/admin/ecmscom.php path parameter.
Phome Empirecms 7.5
8.8
CVSSv3
CVE-2018-18086
EmpireCMS v7.5 has an arbitrary file upload vulnerability in the LoadInMod function in e/class/moddofun.php, exploitable by logged-in users.
Phome Empirecms 7.5
9.8
CVSSv3
CVE-2023-50073
EmpireCMS v7.5 exists to contain a SQL injection vulnerability via the ftppassword parameter at SetEnews.php.
Leadscloud Empirecms 7.5
7.2
CVSSv3
CVE-2023-50162
SQL injection vulnerability in EmpireCMS v7.5, allows remote malicious users to execute arbitrary code and obtain sensitive information via the DoExecSql function.
Phome Empirecms 7.5
9.8
CVSSv3
CVE-2022-28585
EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php
Phome Empirecms 7.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040
privilege escalation
CVE-2024-4112
CVE-2024-32872
man-in-the-middle
CVE-2024-32788
bypass
CVE-2024-3400
CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »