Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Phome Subscribe
Filtered by product Empirecms
Total 14 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-22937 1 Phome 1 Empirecms 2022-10-26 7.5 HIGH 9.8 CRITICAL
A remote code execution (RCE) in e/install/index.php of EmpireCMS 7.5 allows attackers to execute arbitrary PHP code via writing malicious code to the install file.
CVE-2022-28585 1 Phome 1 Empirecms 2022-05-09 7.5 HIGH 9.8 CRITICAL
EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php
CVE-2018-6880 1 Phome 1 Empirecms 2022-02-18 5.0 MEDIUM 5.3 MEDIUM
EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full path via an array value for a parameter to class/connect.php.
CVE-2018-6881 2 Dedecms, Phome 2 Dedecms, Empirecms 2022-02-18 5.0 MEDIUM 5.3 MEDIUM
EmpireCMS 6.6 allows remote attackers to discover the full path via an array value for a parameter to admin/tool/ShowPic.php.
CVE-2018-19462 1 Phome 1 Empirecms 2020-08-24 6.5 MEDIUM 7.2 HIGH
admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php.
CVE-2019-12361 1 Phome 1 Empirecms 2020-08-24 4.3 MEDIUM 6.1 MEDIUM
EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynamic page template. The attacker can choose to resend the e/template/member/regsend.php registered activation mail page.
CVE-2018-19461 1 Phome 1 Empirecms 2019-06-09 3.5 LOW 4.8 MEDIUM
admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL syntax to admin/admin.php.
CVE-2019-12362 1 Phome 1 Empirecms 2019-05-28 4.3 MEDIUM 6.1 MEDIUM
EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php.
CVE-2018-18449 1 Phome 1 Empirecms 2019-03-08 6.8 MEDIUM 8.8 HIGH
EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUser action to e/admin/user/ListUser.php, a similar issue to CVE-2018-16339.
CVE-2018-20300 1 Phome 1 Empirecms 2019-02-05 7.5 HIGH 9.8 CRITICAL
Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm action because this code is injected into a memberform.$fid.php file.
CVE-2018-18869 1 Phome 1 Empirecms 2018-12-10 7.5 HIGH 9.8 CRITICAL
EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary code via ..%2F directory traversal in a .php filename in the upload/e/admin/ecmscom.php path parameter.
CVE-2018-18086 1 Phome 1 Empirecms 2018-11-25 6.5 MEDIUM 8.8 HIGH
EmpireCMS v7.5 has an arbitrary file upload vulnerability in the LoadInMod function in e/class/moddofun.php, exploitable by logged-in users.
CVE-2018-16339 1 Phome 1 Empirecms 2018-10-25 6.8 MEDIUM 8.8 HIGH
An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser.
CVE-2012-5777 1 Phome 1 Empirecms 2017-08-28 6.8 MEDIUM N/A
Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted template.