5 matches found
CVE-2018-6881
EmpireCMS 6.6 allows remote attackers to discover the full path via an array value for a parameter to admin/tool/ShowPic.php...
CVE-2018-6881
EmpireCMS 6.6 allows remote attackers to discover the full path via an array value for a parameter to admin/tool/ShowPic.php...
CVE-2018-6880
EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full path via an array value for a parameter to class/connect.php...
CVE-2018-6881
EmpireCMS 6.6 allows remote attackers to discover the full path via an array value for a parameter to admin/tool/ShowPic.php...
CVE-2012-5777
CVE-2012-5777 affects EmpireCMS 6.6, specifically the template parser’s ReplaceListVars function in e/class/connect.php. The issue is an eval injection that allows a user-assisted remote attacker to execute arbitrary PHP code via a crafted template, leading to potential full web-server compromise...