Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phome vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2012-5777
Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote malicious users to execute arbitrary PHP code via a crafted template.
Phome Empirecms 6.6
4.3
CVSSv2
CVE-2019-12362
EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php.
Phome Empirecms 7.5.0
6.8
CVSSv2
CVE-2018-18449
EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUser action to e/admin/user/ListUser.php, a similar issue to CVE-2018-16339.
Phome Empirecms 7.5
6.5
CVSSv2
CVE-2018-18086
EmpireCMS v7.5 has an arbitrary file upload vulnerability in the LoadInMod function in e/class/moddofun.php, exploitable by logged-in users.
Phome Empirecms 7.5
7.5
CVSSv2
CVE-2022-28585
EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php
Phome Empirecms 7.5
4.3
CVSSv2
CVE-2019-12361
EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynamic page template. The attacker can choose to resend the e/template/member/regsend.php registered activation mail page.
Phome Empirecms 7.5.0
NA
CVE-2023-50162
SQL injection vulnerability in EmpireCMS v7.5, allows remote malicious users to execute arbitrary code and obtain sensitive information via the DoExecSql function.
Phome Empirecms 7.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2