threatengine.sh
Product: phome empirecms
18 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-15423
<= 8.0
A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/cla
6.3
MEDIUM
CVE-2025-15422
<= 8.0
A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of
5.3
MEDIUM
CVE-2023-50162
all versions
SQL injection vulnerability in EmpireCMS v7.5, allows remote attackers to execute arbitrary code and obtain sensitive information
7.2
HIGH
CVE-2023-50073
all versions
EmpireCMS v7.5 was discovered to contain a SQL injection vulnerability via the ftppassword parameter at SetEnews.php.
9.8
CRITICAL
CVE-2022-28585
all versions
EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php
9.8
CRITICAL
CVE-2020-22937
all versions
A remote code execution (RCE) in e/install/index.php of EmpireCMS 7.5 allows attackers to execute arbitrary PHP code via writing m
9.8
CRITICAL
CVE-2018-19462
<= 7.5.0
admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .p
7.2
HIGH
CVE-2018-19461
<= 7.5.0
admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL syntax to admin/admin.php.
4.8
MEDIUM
CVE-2019-12362
all versions
EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php.
6.1
MEDIUM
CVE-2019-12361
all versions
EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynami
6.1
MEDIUM
CVE-2018-18449
all versions
EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUser action to e/admin/user/ListUser.php, a similar issue to C
8.8
HIGH
CVE-2018-20300
all versions
Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm action bec
9.8
CRITICAL
CVE-2018-18869
all versions
EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary code via ..%2F directory traversal in a .php filename in th
9.8
CRITICAL
CVE-2018-18086
all versions
EmpireCMS v7.5 has an arbitrary file upload vulnerability in the LoadInMod function in e/class/moddofun.php, exploitable by logged
8.8
HIGH
CVE-2018-16339
all versions
An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUse
8.8
HIGH
CVE-2018-6881
all versions
EmpireCMS 6.6 allows remote attackers to discover the full path via an array value for a parameter to admin/tool/ShowPic.php.
5.3
MEDIUM
CVE-2018-6880
>= 6.6 and <= 7.2
EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full path via an array value for a parameter to class/connect.ph
5.3
MEDIUM
CVE-2012-5777
all versions
Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows