CVE-2018-19462

2019-06-07T17:29:00
ID CVE-2018-19462
Type cve
Reporter cve@mitre.org
Modified 2020-08-24T17:37:00

Description

admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php.