VYPR
Vendor

Phome

Products
3
CVEs
7
Across products
7
Status
Private

Products

3

Recent CVEs

7
  • CVE-2018-16339HigSep 2, 2018
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser.

  • CVE-2025-50515MedAug 14, 2025
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in phome Empirebak 2010 in ebak2008/upload/class/config.php allowing attackers to execute arbitrary code when the config file was loaded.

  • CVE-2025-15423MedJan 2, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and…

  • CVE-2009-2269Jul 1, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in Empire CMS 5.1 allows remote attackers to execute arbitrary SQL commands via the bid parameter to the default URI under e/tool/gbook/.

  • CVE-2006-4354Aug 27, 2006
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in e/class/CheckLevel.php in Phome Empire CMS 3.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the check_path parameter.

  • CVE-2025-15422Jan 2, 2026
    risk 0.00cvss epss 0.01

    A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. This manipulation causes protection mechanism failure. The attack may be initiated remotely. The exploit has been…

  • CVE-2012-5777Nov 16, 2012
    risk 0.00cvss epss 0.02

    Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted template.