Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Empirecms Security Vulnerabilities

cve
cve

CVE-2023-50162

SQL injection vulnerability in EmpireCMS v7.5, allows remote attackers to execute arbitrary code and obtain sensitive information via the DoExecSql...

7.2CVSS

8.9AI Score

0.001EPSS

2024-01-09 12:15 AM
12
cve
cve

CVE-2023-50073

EmpireCMS v7.5 was discovered to contain a SQL injection vulnerability via the ftppassword parameter at...

9.8CVSS

8.8AI Score

0.001EPSS

2023-12-14 03:15 PM
5
cve
cve

CVE-2022-28585

EmpireCMS 7.5 has a SQL injection vulnerability in...

9.8CVSS

9.7AI Score

0.002EPSS

2022-05-03 06:15 PM
48
cve
cve

CVE-2020-22937

A remote code execution (RCE) in e/install/index.php of EmpireCMS 7.5 allows attackers to execute arbitrary PHP code via writing malicious code to the install...

9.8CVSS

8.9AI Score

0.008EPSS

2021-08-17 07:15 PM
48
2
cve
cve

CVE-2018-19461

admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL syntax to...

4.8CVSS

6.9AI Score

0.001EPSS

2019-06-07 05:29 PM
43
cve
cve

CVE-2018-19462

admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to...

7.2CVSS

9.3AI Score

0.007EPSS

2019-06-07 05:29 PM
59
cve
cve

CVE-2019-12362

EmpireCMS 7.5.0 has XSS via the HTTP Referer header to...

6.1CVSS

6.2AI Score

0.001EPSS

2019-05-27 11:29 PM
33
cve
cve

CVE-2019-12361

EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynamic page template. The attacker can choose to resend the e/template/member/regsend.php registered activation mail...

6.1CVSS

6.2AI Score

0.001EPSS

2019-05-27 11:29 PM
44
cve
cve

CVE-2018-18449

EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUser action to e/admin/user/ListUser.php, a similar issue to...

8.8CVSS

8.7AI Score

0.001EPSS

2019-03-07 11:29 PM
22
cve
cve

CVE-2018-20300

Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm action because this code is injected into a memberform.$fid.php...

9.8CVSS

8.4AI Score

0.015EPSS

2018-12-20 12:29 AM
21
cve
cve

CVE-2018-18869

EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary code via ..%2F directory traversal in a .php filename in the upload/e/admin/ecmscom.php path...

9.8CVSS

8.5AI Score

0.005EPSS

2018-10-31 06:29 AM
20
cve
cve

CVE-2018-18086

EmpireCMS v7.5 has an arbitrary file upload vulnerability in the LoadInMod function in e/class/moddofun.php, exploitable by logged-in...

8.8CVSS

7.5AI Score

0.001EPSS

2018-10-09 08:29 PM
20
cve
cve

CVE-2018-16339

An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via...

8.8CVSS

8.6AI Score

0.001EPSS

2018-09-02 06:29 PM
20
cve
cve

CVE-2018-6881

EmpireCMS 6.6 allows remote attackers to discover the full path via an array value for a parameter to...

5.3CVSS

7.5AI Score

0.003EPSS

2018-02-12 03:29 AM
29
cve
cve

CVE-2018-6880

EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full path via an array value for a parameter to...

5.3CVSS

7.5AI Score

0.001EPSS

2018-02-12 03:29 AM
32
cve
cve

CVE-2012-5777

Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted...

7.8AI Score

0.014EPSS

2012-11-16 12:55 AM
25