Lucene search

13 matches found

RedhatCVE
added 2026/01/03 2:22 a.m. | 4 views

CVE-2025-15423

A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The...

CVSS 8.8 | AI score 6.6 | EPSS 0.00035
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/03 2:22 a.m. | 4 views

CVE-2025-15422

A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. This manipulation causes protection mechanism failure. The attack may be initiated remotely. The exploit has been published and may ...

CVSS 7.5 | AI score 6.5 | EPSS 0.0015
Exploits: 1 | References: 1

Vulnrichment
added 2026/01/02 2:2 a.m. | 2 views

CVE-2025-15423 EmpireSoft EmpireCMS connect.php CheckSaveTranFiletype unrestricted upload

A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The...

CVSS 6.5 | AI score 6.5 | EPSS 0.00035
Exploits: 1 | References: 5

CVE
added 2026/01/02 1:32 a.m. | 9 views

CVE-2025-15422

EmpireSoft EmpireCMS (versions up to 8.0) is affected by a flaw in the IP Address Handler, specifically the logic in e/class/connect.php (function egetip). The vulnerability enables a remote attacker to bypass protection mechanisms, with an exploit already published. Multiple sourc...

CVSS 7.5 | AI score 5.4 | EPSS 0.0015
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2026/01/02 1:32 a.m. | 23 views

CVE-2025-15422 EmpireSoft EmpireCMS IP Address connect.php egetip protection mechanism

A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. This manipulation causes protection mechanism failure. The attack may be initiated remotely. The exploit has been published and may ...

CVSS 6.9 | EPSS 0.0015
Exploits: 1 | References: 5

Positive Technologies
added 2026/01/02 12:0 a.m. | 3 views

PT-2026-1039

Name of the Vulnerable Software and Affected Versions: EmpireSoft EmpireCMS versions up to 8.0. Description: A security issue exists in EmpireSoft EmpireCMS related to the IP Address Handler component. The issue resides in the egetip function within the e/class/connect.php file. This flaw results in...

CVSS 7.5 | AI score 6.1 | EPSS 0.0015
Exploits: 1 | References: 12

RedhatCVE
added 2025/05/23 8:17 a.m. | 2 views

CVE-2024-36680

In the module "Facebook" (pkfacebook) <= 1.0.1 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The ajax script facebookConnect.php has a sensitive SQL call that can be executed with a trivial HTTP call and exploited to forge a SQL injection...

CVSS 7.5 | AI score 5.9 | EPSS 0.00302
Exploits: 0 | References: 1

SUSE CVE
added 2023/02/15 4:41 a.m. | 3 views

SUSE CVE-2017-12419

If, after successful installation of MantisBT through 2.5.2 on MySQL/MariaDB, the administrator does not remove the 'admin' directory as recommended in the "Post-installation and upgrade tasks" section of the MantisBT Admin Guide, and the MySQL client has a local_infile setting enabled in php.ini...

CVSS 4.9 | AI score 5.2 | EPSS 0.01076
Exploits: 0 | References: 3

PyPA
added 2022/05/08 6:15 a.m. | 4 views

PYSEC-2022-182

ADMesh through 0.98.4 has a heap-based buffer over-read in stl_update_connects_remove_1 called from stl_remove_degenerate in connect.c in libadmesh.a...

CVSS 8.1 | AI score 7.2 | EPSS 0.00484
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2022/05/08 6:15 a.m. | 0 views

UBUNTU-CVE-2018-25033

ADMesh through 0.98.4 has a heap-based buffer over-read in stl_update_connects_remove_1 called from stl_remove_degenerate in connect.c in libadmesh.a...

CVSS 8.1 | AI score 7.4 | EPSS 0.00484
Exploits: 1 | References: 4

OSV
added 2018/02/12 3:29 a.m. | 2 views

CVE-2018-6880

EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full path via an array value for a parameter to class/connect.php...

CVSS 5.3 | AI score 5.8 | EPSS 0.00333
Exploits: 1 | References: 2

Positive Technologies
added 2007/05/21 12:0 a.m. | 2 views

PT-2007-4088

Name of the Vulnerable Software and Affected Versions: SunLight CMS version 5.3. Description: The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the root parameter to specific PHP files, such as connect.php or modules/startup.php...

CVSS 7.5 | AI score 6 | EPSS 0.12399
Exploits: 1 | References: 9

Cvelist
added 2003/02/11 5:0 a.m. | 13 views

CVE-2003-0076

Unknown vulnerability in the directory parser for Direct Connect 4 Linux dcgui before 0.2.2 allows remote attackers to read files outside the sharelist...

AI score 6.6 | EPSS 0.01292
Exploits: 0 | References: 3