CVE-2018-18086
Description
EmpireCMS v7.5 has an arbitrary file upload vulnerability in the LoadInMod function in e/class/moddofun.php, exploitable by logged-in users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
EmpireCMS v7.5 allows authenticated arbitrary file upload via the LoadInMod function, leading to remote code execution.
Vulnerability
EmpireCMS v7.5 contains an arbitrary file upload vulnerability in the LoadInMod function within e/class/moddofun.php. This allows authenticated users to upload arbitrary files, including PHP scripts, to the server. [1]
Exploitation
An attacker with a valid login can craft a request to the vulnerable function, uploading a malicious file. No additional privileges or interaction beyond authentication are required. [1]
Impact
Successful exploitation results in arbitrary file upload, enabling remote code execution (RCE) as the web server user. The attacker can then execute arbitrary commands, upload further payloads, or access sensitive data. [1]
Mitigation
As of the published date (2018-10-09), no official patch has been released. Users should restrict access to the administrative interface and monitor for unauthorized uploads. If possible, apply file upload restrictions or use a web application firewall. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: =7.5
Patches
No patches discovered yet.
References
[1] github.com/SukaraLin/php_code_audit_project/issues/1 (mitre, x_refsource_MISC)