Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
Vulnerabilities for
'Empirecms'
2022-05-03
CVE-2022-28585
CWE-89
EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php
2021-08-17
CVE-2020-22937
CWE-94
A remote code execution (RCE) in e/install/index.php of EmpireCMS 7.5 allows attackers to execute arbitrary PHP code via writing malicious code to the install file.
2019-06-07
CVE-2018-19462
CWE-94
admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php.
CVE-2018-19461
CWE-79
admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL syntax to admin/admin.php.
2019-05-27
CVE-2019-12362
CWE-79
EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php.
CVE-2019-12361
CWE-79
EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynamic page template. The attacker can choose to resend the e/template/member/regsend.php registered activation mail page.
2019-03-07
CVE-2018-18449
CWE-352
EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUser action to e/admin/user/ListUser.php, a similar issue to CVE-2018-16339.
2018-12-19
CVE-2018-20300
CWE-94
Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm action because this code is injected into a memberform.$fid.php file.
2018-10-31
CVE-2018-18869
CWE-22
EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary code via ..%2F directory traversal in a .php filename in the upload/e/admin/ecmscom.php path parameter.
2018-10-09
CVE-2018-18086
CWE-434
EmpireCMS v7.5 has an arbitrary file upload vulnerability in the LoadInMod function in e/class/moddofun.php, exploitable by logged-in users.
Copyright
2024
, cxsecurity.com
Back to Top