CVE-2018-20300
Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm
Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm action because this code is injected into a memberform.$fid.php file.
CRITICAL · CVSS 9.8
EPSS 0.00994
Act now
- Public exploit or PoC is available
- CVSS base score ≥ 7.0
Sigma rules0
YARA rules0