Soumettre #721344: EmpireCMS <=8.0 Privilege Escalationinformation

TitreEmpireCMS <=8.0 Privilege Escalation
DescriptionAn IP address spoofing vulnerability exists in EmpireCMS <= 8.0. The vulnerability is located in the egetip() function of e/class/connect.php. The function prioritizes user-controllable HTTP headers (HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR) over the reliable REMOTE_ADDR value when determining client IP addresses. This allows unauthenticated remote attackers to bypass IP-based access restrictions, evade brute-force protection mechanisms, and falsify IP addresses recorded in security logs and database records.
La source⚠️ https://note-hxlab.wetolink.com/share/0x74KEtzecFb
Utilisateur
 gets (UID 71108)
Soumission22/12/2025 06:36 (il y a 4 mois)
Modérer01/01/2026 12:09 (10 days later)
StatutAccepté
Entrée VulDB339344 [EmpireSoft EmpireCMS jusqu’à 8.0 IP Address e/class/connect.php egetip élévation de privilèges]
Points20

PrécédentAperçuSuivant

Might our Artificial Intelligence support you?

Check our Alexa App!