6.8
CVSSv2

CVE-2012-5777

Published: 16/11/2012 Updated: 29/08/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote malicious users to execute arbitrary PHP code via a crafted template.

Affected Products

Vendor Product Versions
PhomeEmpirecms6.6

Mailing Lists

EmpireCMS version 66 template parser suffers from a remote PHP code execution vulnerability ...