CVE-2023-50162

SQL injection vulnerability in EmpireCMS v7.5, allows remote attackers to execute arbitrary code and obtain sensitive information via the DoExecSql function...

CVE-2023-50073

EmpireCMS v7.5 was discovered to contain a SQL injection vulnerability via the ftppassword parameter at SetEnews.php...

CVE-2018-19462

admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php...

CVE-2019-12361

EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynamic page template. The attacker can choose to resend the e/template/member/regsend.php registered activation mail page...

CVE-2019-12362

EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php...

CVE-2025-15423

A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The...

CVE-2025-15422

A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. This manipulation causes protection mechanism failure. The attack may be initiated remotely. The exploit has been published and may ...

CVE-2025-15423

A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The...

CVE-2025-15423

A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The...

CVE-2025-15422

A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. This manipulation causes protection mechanism failure. The attack may be initiated remotely. The exploit has been published and may ...

CVE-2025-15422

A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. This manipulation causes protection mechanism failure. The attack may be initiated remotely. The exploit has been published and may ...

CVE-2025-15423 EmpireSoft EmpireCMS connect.php CheckSaveTranFiletype unrestricted upload

A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The...

CVE-2025-15423 EmpireSoft EmpireCMS connect.php CheckSaveTranFiletype unrestricted upload

A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The...

CVE-2025-15423

Summary: CVE-2025-15423 affects EmpireSoft EmpireCMS up to version 8.0. The vulnerability is in the CheckSaveTranFiletype function of e/class/connect.php, whose manipulation enables unrestricted (arbitrary) file uploads. Exploitation can be conducted remotely and has been publicly disclosed. Mult...

CVE-2025-15422 EmpireSoft EmpireCMS IP Address connect.php egetip protection mechanism

A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. This manipulation causes protection mechanism failure. The attack may be initiated remotely. The exploit has been published and may ...

CVE-2025-15422 EmpireSoft EmpireCMS IP Address connect.php egetip protection mechanism

A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. This manipulation causes protection mechanism failure. The attack may be initiated remotely. The exploit has been published and may ...

CVE-2025-15422

EmpireSoft EmpireCMS (versions up to 8.0) is affected by a flaw in the IP Address Handler, specifically the eigenenegat ip logic in e/class/connect.php (function egetip). The vulnerability enables a remote attacker to bypass protection mechanisms, with an exploit already published. Multiple sourc...

PT-2026-1039

Name of the Vulnerable Software and Affected Versions EmpireSoft EmpireCMS versions up to 8.0 Description A security issue exists in EmpireSoft EmpireCMS related to the IP Address Handler component. The issue resides in the egetip function within the e/class/connect.php file. This flaw results in...

EmpireSoft EmpireCMS 安全漏洞

EmpireSoft EmpireCMS Empire Content Management System is an open source content management system CMS from EmpireSoft, Inc. A security vulnerability exists in EmpireSoft EmpireCMS 8.0 and earlier versions, which stems from an incorrect operation of the function egetip in the file...

PT-2026-1042

Name of the Vulnerable Software and Affected Versions EmpireSoft EmpireCMS versions prior to 8.0 Description A flaw exists in EmpireSoft EmpireCMS that allows for unrestricted file uploads. This issue is located in the CheckSaveTranFiletype function within the e/class/connect.php file. Successful...