Unrated severityNVD Advisory· Published Jun 7, 2019· Updated Aug 5, 2024

CVE-2018-19462

Description

admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php.

Affected products

EmpireCMS/EmpireCMSdescription
Empire CMS/Empire CMSllm-fuzzy
Range: <=7.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

i.3001.net/uploads/Up_imgs/20181118-2c996e3b89d19c9c9e6761ef67fd6d5c.png%21smallmitrex_refsource_MISC
i.3001.net/uploads/Up_imgs/20181118-87192261fa34cad723bc7d8b8ca2cd17.pngmitrex_refsource_MISC
i.3001.net/uploads/Up_imgs/20181118-ca3d385ac6cf2d231da185b4bb844bad.png%21smallmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000