CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-19462

admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 55.2%

CVSS Severity

CVSS v3 Score 7.2

CVSS v2 Score 6.5

References

http://i.3001.net/uploads/Up_imgs/20181118-2c996e3b89d19c9c9e6761ef67fd6d5c.png%21small
http://i.3001.net/uploads/Up_imgs/20181118-87192261fa34cad723bc7d8b8ca2cd17.png
http://i.3001.net/uploads/Up_imgs/20181118-ca3d385ac6cf2d231da185b4bb844bad.png%21small
https://github.com/novysodope/empireCMS7.5
http://i.3001.net/uploads/Up_imgs/20181118-2c996e3b89d19c9c9e6761ef67fd6d5c.png%21small
http://i.3001.net/uploads/Up_imgs/20181118-87192261fa34cad723bc7d8b8ca2cd17.png
http://i.3001.net/uploads/Up_imgs/20181118-ca3d385ac6cf2d231da185b4bb844bad.png%21small
https://github.com/novysodope/empireCMS7.5

Products affected by CVE-2018-19462

Phome » Empirecms » Version: 6.6

cpe:2.3:a:phome:empirecms:6.6
Phome » Empirecms » Version: 7.0

cpe:2.3:a:phome:empirecms:7.0
Phome » Empirecms » Version: 7.2

cpe:2.3:a:phome:empirecms:7.2
Phome » Empirecms » Version: 7.5

cpe:2.3:a:phome:empirecms:7.5
Phome » Empirecms » Version: 7.5.0

cpe:2.3:a:phome:empirecms:7.5.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-19462

Products

Pricing

Contact Us