Empire CMS 7.5 allows remote malicious users to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm action because this code is injected into a memberform.$fid.php file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phome empirecms 7.5 |