Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Empirecms Security Vulnerabilities

cve
cve

CVE-2012-5777

Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted template.

7.9AI Score

0.014EPSS

2012-11-16 12:55 AM
29
cve
cve

CVE-2018-16339

An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser.

8.8CVSS

8.6AI Score

0.001EPSS

2018-09-02 06:29 PM
24
cve
cve

CVE-2018-18086

EmpireCMS v7.5 has an arbitrary file upload vulnerability in the LoadInMod function in e/class/moddofun.php, exploitable by logged-in users.

8.8CVSS

8.7AI Score

0.001EPSS

2018-10-09 08:29 PM
22
cve
cve

CVE-2018-18449

EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUser action to e/admin/user/ListUser.php, a similar issue to CVE-2018-16339.

8.8CVSS

8.8AI Score

0.001EPSS

2019-03-07 11:29 PM
24
cve
cve

CVE-2018-18869

EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary code via ..%2F directory traversal in a .php filename in the upload/e/admin/ecmscom.php path parameter.

9.8CVSS

9.6AI Score

0.009EPSS

2018-10-31 06:29 AM
25
cve
cve

CVE-2018-19461

admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL syntax to admin/admin.php.

4.8CVSS

5.3AI Score

0.001EPSS

2019-06-07 05:29 PM
47
cve
cve

CVE-2018-19462

admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php.

7.2CVSS

7.7AI Score

0.006EPSS

2019-06-07 05:29 PM
64
cve
cve

CVE-2018-20300

Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm action because this code is injected into a memberform.$fid.php file.

9.8CVSS

9.7AI Score

0.015EPSS

2018-12-20 12:29 AM
24
cve
cve

CVE-2018-6880

EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full path via an array value for a parameter to class/connect.php.

5.3CVSS

5.3AI Score

0.001EPSS

2018-02-12 03:29 AM
36
cve
cve

CVE-2018-6881

EmpireCMS 6.6 allows remote attackers to discover the full path via an array value for a parameter to admin/tool/ShowPic.php.

5.3CVSS

5.3AI Score

0.003EPSS

2018-02-12 03:29 AM
33
cve
cve

CVE-2019-12361

EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynamic page template. The attacker can choose to resend the e/template/member/regsend.php registered activation mail page.

6.1CVSS

6AI Score

0.001EPSS

2019-05-27 11:29 PM
47
cve
cve

CVE-2019-12362

EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php.

6.1CVSS

5.9AI Score

0.001EPSS

2019-05-27 11:29 PM
36
cve
cve

CVE-2020-22937

A remote code execution (RCE) in e/install/index.php of EmpireCMS 7.5 allows attackers to execute arbitrary PHP code via writing malicious code to the install file.

9.8CVSS

9.9AI Score

0.009EPSS

2021-08-17 07:15 PM
51
2
cve
cve

CVE-2022-28585

EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php

9.8CVSS

9.7AI Score

0.002EPSS

2022-05-03 06:15 PM
52
cve
cve

CVE-2023-50162

SQL injection vulnerability in EmpireCMS v7.5, allows remote attackers to execute arbitrary code and obtain sensitive information via the DoExecSql function.

7.2CVSS

7.5AI Score

0.001EPSS

2024-01-09 12:15 AM
14