CVE-2023-50162

SQL injection vulnerability in EmpireCMS v7.5, allows remote attackers to execute arbitrary code and obtain sensitive information via the DoExecSql function...

CVE-2023-50073

EmpireCMS v7.5 was discovered to contain a SQL injection vulnerability via the ftppassword parameter at SetEnews.php...

CVE-2018-19462

admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php...

CVE-2019-12361

EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynamic page template. The attacker can choose to resend the e/template/member/regsend.php registered activation mail page...

CVE-2019-12362

EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php...

CVE-2025-15423

A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The...

CVE-2025-15422

A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. This manipulation causes protection mechanism failure. The attack may be initiated remotely. The exploit has been published and may ...

CVE-2025-15423

A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The...

CVE-2025-15423

A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The...

CVE-2025-15422

A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. This manipulation causes protection mechanism failure. The attack may be initiated remotely. The exploit has been published and may ...

CVE-2025-15422

A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. This manipulation causes protection mechanism failure. The attack may be initiated remotely. The exploit has been published and may ...

CVE-2025-15423 EmpireSoft EmpireCMS connect.php CheckSaveTranFiletype unrestricted upload

A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The...

CVE-2025-15423 EmpireSoft EmpireCMS connect.php CheckSaveTranFiletype unrestricted upload

A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The...

CVE-2025-15423

Summary: CVE-2025-15423 affects EmpireSoft EmpireCMS up to version 8.0. The vulnerability is in the CheckSaveTranFiletype function of e/class/connect.php, whose manipulation enables unrestricted (arbitrary) file uploads. Exploitation can be conducted remotely and has been publicly disclosed. Mult...

CVE-2025-15422 EmpireSoft EmpireCMS IP Address connect.php egetip protection mechanism

A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. This manipulation causes protection mechanism failure. The attack may be initiated remotely. The exploit has been published and may ...

CVE-2025-15422 EmpireSoft EmpireCMS IP Address connect.php egetip protection mechanism

A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. This manipulation causes protection mechanism failure. The attack may be initiated remotely. The exploit has been published and may ...

CVE-2025-15422

EmpireSoft EmpireCMS (versions up to 8.0) is affected by a flaw in the IP Address Handler, specifically the eigenenegat ip logic in e/class/connect.php (function egetip). The vulnerability enables a remote attacker to bypass protection mechanisms, with an exploit already published. Multiple sourc...

EmpireSoft EmpireCMS 安全漏洞

EmpireSoft EmpireCMS Empire Content Management System is an open source content management system CMS from EmpireSoft, Inc. A security vulnerability exists in EmpireSoft EmpireCMS 8.0 and earlier versions, which stems from an incorrect operation of the function egetip in the file...

PT-2026-1042

Name of the Vulnerable Software and Affected Versions EmpireSoft EmpireCMS versions prior to 8.0 Description A flaw exists in EmpireSoft EmpireCMS that allows for unrestricted file uploads. This issue is located in the CheckSaveTranFiletype function within the e/class/connect.php file. Successful...

PT-2026-1039

Name of the Vulnerable Software and Affected Versions EmpireSoft EmpireCMS versions up to 8.0 Description A security issue exists in EmpireSoft EmpireCMS related to the IP Address Handler component. The issue resides in the egetip function within the e/class/connect.php file. This flaw results in...