Vulnerabilities (CVE)

Filtered by vendor Phome
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-6880 1 Phome 1 Empirecms 2022-02-19 5.0 MEDIUM 5.3 MEDIUM
EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full path via an array value for a parameter to class/connect.php.
CVE-2018-6881 2 Dedecms, Phome 2 Dedecms, Empirecms 2022-02-19 5.0 MEDIUM 5.3 MEDIUM
EmpireCMS 6.6 allows remote attackers to discover the full path via an array value for a parameter to admin/tool/ShowPic.php.
CVE-2019-12361 1 Phome 1 Empirecms 2020-08-24 4.3 MEDIUM 6.1 MEDIUM
EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynamic page template. The attacker can choose to resend the e/template/member/regsend.php registered activation mail page.
CVE-2018-19461 1 Phome 1 Empirecms 2019-06-09 3.5 LOW 4.8 MEDIUM
admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL syntax to admin/admin.php.
CVE-2019-12362 1 Phome 1 Empirecms 2019-05-28 4.3 MEDIUM 6.1 MEDIUM
EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php.