| 제목 | EmpireSoft EmpireCMS <= 8.0 Code Injection |
|---|
| 설명 | A remote code execution vulnerability exists in EmpireCMS <= 8.0. The vulnerability is located in the LoadInMod() function of e/class/moddofun.php. When importing a system model, the application only validates that the uploaded file has a .mod extension but saves it as a .php file and directly executes it via PHP's include() function without validating its content. This allows authenticated administrators to execute arbitrary PHP code on the server by uploading a malicious .mod file, leading to complete server compromise. |
|---|
| 원천 | ⚠️ https://note-hxlab.wetolink.com/share/y4W2T0DDkhlr |
|---|
| 사용자 | gets (UID 71108) |
|---|
| 제출 | 2025. 12. 22. AM 06:40 (4 개월 ago) |
|---|
| 모더레이션 | 2026. 01. 01. PM 12:09 (10 days later) |
|---|
| 상태 | 중복 |
|---|
| VulDB 항목 | 125158 [EmpireCMS 7.5 File Upload e/class/moddofun.php LoadInMod 권한 상승] |
|---|
| 포인트들 | 0 |
|---|