Product:

Empirecms

(Phome)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 15
Date Id Summary Products Score Patch Annotated
2024-01-09 CVE-2023-50162 SQL injection vulnerability in EmpireCMS v7.5, allows remote attackers to execute arbitrary code and obtain sensitive information via the DoExecSql function. Empirecms 7.2
2021-08-17 CVE-2020-22937 A remote code execution (RCE) in e/install/index.php of EmpireCMS 7.5 allows attackers to execute arbitrary PHP code via writing malicious code to the install file. Empirecms 9.8
2022-05-03 CVE-2022-28585 EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php Empirecms 9.8
2019-06-07 CVE-2018-19461 admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL syntax to admin/admin.php. Empirecms 4.8
2019-06-07 CVE-2018-19462 admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php. Empirecms 7.2
2018-02-12 CVE-2018-6880 EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full path via an array value for a parameter to class/connect.php. Empirecms 5.3
2018-02-12 CVE-2018-6881 EmpireCMS 6.6 allows remote attackers to discover the full path via an array value for a parameter to admin/tool/ShowPic.php. Dedecms, Empirecms 5.3
2019-05-27 CVE-2019-12362 EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php. Empirecms 6.1
2019-05-27 CVE-2019-12361 EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynamic page template. The attacker can choose to resend the e/template/member/regsend.php registered activation mail page. Empirecms 6.1
2018-12-19 CVE-2018-20300 Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm action because this code is injected into a memberform.$fid.php file. Empirecms 9.8