Critical severity9.8NVD Advisory· Published Oct 31, 2018· Updated Jun 17, 2026
CVE-2018-18869
CVE-2018-18869
Description
EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary code via ..%2F directory traversal in a .php filename in the upload/e/admin/ecmscom.php path parameter.
Affected products
1- Range: 7.5
Patches
Vulnerability mechanics
References
1- qclover.github.io/2018/10/10/EmpireCMS_V7.5%E7%9A%84%E4%B8%80%E6%AC%A1%E5%AE%A1%E8%AE%A1.htmlnvdExploitTechnical DescriptionThird Party Advisory
News mentions
0No linked articles in our index yet.