Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Phome Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-50162 1 Phome 1 Empirecms 2024-01-11 N/A 7.2 HIGH
SQL injection vulnerability in EmpireCMS v7.5, allows remote attackers to execute arbitrary code and obtain sensitive information via the DoExecSql function.
CVE-2018-19462 1 Phome 1 Empirecms 2020-08-24 6.5 MEDIUM 7.2 HIGH
admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php.
CVE-2018-18449 1 Phome 1 Empirecms 2019-03-08 6.8 MEDIUM 8.8 HIGH
EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUser action to e/admin/user/ListUser.php, a similar issue to CVE-2018-16339.
CVE-2018-18086 1 Phome 1 Empirecms 2018-11-25 6.5 MEDIUM 8.8 HIGH
EmpireCMS v7.5 has an arbitrary file upload vulnerability in the LoadInMod function in e/class/moddofun.php, exploitable by logged-in users.
CVE-2018-16339 1 Phome 1 Empirecms 2018-10-25 6.8 MEDIUM 8.8 HIGH
An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser.