2 matches found
CVE-2018-19462
admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php...
CVE-2018-19462
EmpireCMS up to version 7.5 is affected by CVE-2018-19462 due to a vulnerability in admin\db\DoSql.php. An attacker can remotely trigger SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement targeting admin/admin.php, resulting in arbitrary PHP code execution on the server. T...