CVE-2018-19462
Severity CVSS v4.0:
Pending analysis
Type:
CWE-89
SQL Injection
Publication date:
07/06/2019
Last modified:
17/06/2026
Description
admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php.
Impact
Base Score 3.x
7.20
Severity 3.x
HIGH
Base Score 2.0
6.50
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:phome:empirecms:*:*:*:*:*:*:*:* | 7.5.0 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://i.3001.net/uploads/Up_imgs/20181118-2c996e3b89d19c9c9e6761ef67fd6d5c.png%21small
- http://i.3001.net/uploads/Up_imgs/20181118-87192261fa34cad723bc7d8b8ca2cd17.png
- http://i.3001.net/uploads/Up_imgs/20181118-ca3d385ac6cf2d231da185b4bb844bad.png%21small
- https://github.com/novysodope/empireCMS7.5
- http://i.3001.net/uploads/Up_imgs/20181118-2c996e3b89d19c9c9e6761ef67fd6d5c.png%21small
- http://i.3001.net/uploads/Up_imgs/20181118-87192261fa34cad723bc7d8b8ca2cd17.png
- http://i.3001.net/uploads/Up_imgs/20181118-ca3d385ac6cf2d231da185b4bb844bad.png%21small
- https://github.com/novysodope/empireCMS7.5



