VYPR

Empirecms

by Phome

CVEs (4)

  • CVE-2018-16339HigSep 2, 2018
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser.

  • CVE-2025-15423MedJan 2, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and…

  • CVE-2025-15422Jan 2, 2026
    risk 0.00cvss epss 0.01

    A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. This manipulation causes protection mechanism failure. The attack may be initiated remotely. The exploit has been…

  • CVE-2012-5777Nov 16, 2012
    risk 0.00cvss epss 0.02

    Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted template.