Phome
Products
3- 4 CVEs
- 2 CVEs
- 1 CVE
Recent CVEs
7| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-16339 | Hig | 0.57 | 8.8 | 0.01 | Sep 2, 2018 | An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser. | ||
| CVE-2025-50515 | Med | 0.42 | 6.5 | 0.00 | Aug 14, 2025 | An issue was discovered in phome Empirebak 2010 in ebak2008/upload/class/config.php allowing attackers to execute arbitrary code when the config file was loaded. | ||
| CVE-2025-15423 | Med | 0.41 | 6.3 | 0.00 | Jan 2, 2026 | A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and… | ||
| CVE-2009-2269 | 0.03 | — | 0.01 | Jul 1, 2009 | SQL injection vulnerability in Empire CMS 5.1 allows remote attackers to execute arbitrary SQL commands via the bid parameter to the default URI under e/tool/gbook/. | |||
| CVE-2006-4354 | 0.03 | — | 0.03 | Aug 27, 2006 | PHP remote file inclusion vulnerability in e/class/CheckLevel.php in Phome Empire CMS 3.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the check_path parameter. | |||
| CVE-2025-15422 | 0.00 | — | 0.01 | Jan 2, 2026 | A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. This manipulation causes protection mechanism failure. The attack may be initiated remotely. The exploit has been… | |||
| CVE-2012-5777 | 0.00 | — | 0.02 | Nov 16, 2012 | Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted template. |
- risk 0.57cvss 8.8epss 0.01
An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser.
- risk 0.42cvss 6.5epss 0.00
An issue was discovered in phome Empirebak 2010 in ebak2008/upload/class/config.php allowing attackers to execute arbitrary code when the config file was loaded.
- risk 0.41cvss 6.3epss 0.00
A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and…
- CVE-2009-2269Jul 1, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in Empire CMS 5.1 allows remote attackers to execute arbitrary SQL commands via the bid parameter to the default URI under e/tool/gbook/.
- CVE-2006-4354Aug 27, 2006risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in e/class/CheckLevel.php in Phome Empire CMS 3.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the check_path parameter.
- CVE-2025-15422Jan 2, 2026risk 0.00cvss —epss 0.01
A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. This manipulation causes protection mechanism failure. The attack may be initiated remotely. The exploit has been…
- CVE-2012-5777Nov 16, 2012risk 0.00cvss —epss 0.02
Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted template.