Phome: >> Empirecms >> 7.5.0 Security Vulnerabilities
admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL syntax to admin/admin.php.
CVSS Score
4.8
EPSS Score
0.003
Published
2019-06-07
admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php.
CVSS Score
7.2
EPSS Score
0.003
Published
2019-06-07
EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynamic page template. The attacker can choose to resend the e/template/member/regsend.php registered activation mail page.
CVSS Score
6.1
EPSS Score
0.001
Published
2019-05-27
EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-05-27