VYPR
Vendor

Empire CMS

Products
1
CVEs
14
Across products
14
Status
Private

Products

1

Recent CVEs

14
  • CVE-2023-50073CriDec 14, 2023
    risk 0.64cvss 9.8epss 0.01

    EmpireCMS v7.5 was discovered to contain a SQL injection vulnerability via the ftppassword parameter at SetEnews.php.

  • CVE-2022-28585CriMay 3, 2022
    risk 0.64cvss 9.8epss 0.01

    EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php

  • CVE-2020-22937CriAug 17, 2021
    risk 0.64cvss 9.8epss 0.03

    A remote code execution (RCE) in e/install/index.php of EmpireCMS 7.5 allows attackers to execute arbitrary PHP code via writing malicious code to the install file.

  • CVE-2018-20300CriDec 20, 2018
    risk 0.64cvss 9.8epss 0.02

    Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm action because this code is injected into a memberform.$fid.php file.

  • CVE-2018-18869CriOct 31, 2018
    risk 0.64cvss 9.8epss 0.04

    EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary code via ..%2F directory traversal in a .php filename in the upload/e/admin/ecmscom.php path parameter.

  • CVE-2018-18449HigMar 7, 2019
    risk 0.57cvss 8.8epss 0.01

    EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUser action to e/admin/user/ListUser.php, a similar issue to CVE-2018-16339.

  • CVE-2018-18086HigOct 9, 2018
    risk 0.57cvss 8.8epss 0.01

    EmpireCMS v7.5 has an arbitrary file upload vulnerability in the LoadInMod function in e/class/moddofun.php, exploitable by logged-in users.

  • CVE-2023-50162HigJan 9, 2024
    risk 0.47cvss 7.2epss 0.01

    SQL injection vulnerability in EmpireCMS v7.5, allows remote attackers to execute arbitrary code and obtain sensitive information via the DoExecSql function.

  • CVE-2018-19462HigJun 7, 2019
    risk 0.47cvss 7.2epss 0.02

    admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php.

  • CVE-2019-12362MedMay 27, 2019
    risk 0.40cvss 6.1epss 0.01

    EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php.

  • CVE-2019-12361MedMay 27, 2019
    risk 0.40cvss 6.1epss 0.00

    EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynamic page template. The attacker can choose to resend the e/template/member/regsend.php registered activation mail page.

  • CVE-2018-6880MedFeb 12, 2018
    risk 0.35cvss 5.3epss 0.02

    EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full path via an array value for a parameter to class/connect.php.

  • CVE-2018-19461MedJun 7, 2019
    risk 0.31cvss 4.8epss 0.01

    admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL syntax to admin/admin.php.

  • CVE-2009-2269Jul 1, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in Empire CMS 5.1 allows remote attackers to execute arbitrary SQL commands via the bid parameter to the default URI under e/tool/gbook/.