Submeter #721345: EmpireSoft EmpireCMS <= 8.0 Code Injectioninformação

TítuloEmpireSoft EmpireCMS <= 8.0 Code Injection
DescriçãoA remote code execution vulnerability exists in EmpireCMS <= 8.0. The vulnerability is located in the LoadInMod() function of e/class/moddofun.php. When importing a system model, the application only validates that the uploaded file has a .mod extension but saves it as a .php file and directly executes it via PHP's include() function without validating its content. This allows authenticated administrators to execute arbitrary PHP code on the server by uploading a malicious .mod file, leading to complete server compromise.
Fonte⚠️ https://note-hxlab.wetolink.com/share/y4W2T0DDkhlr
Utilizador
 gets (UID 71108)
Submissão22/12/2025 06h40 (há 4 meses)
Moderação01/01/2026 12h09 (10 days later)
EstadoDuplicado
Entrada VulDB125158 [EmpireCMS 7.5 File Upload e/class/moddofun.php LoadInMod Elevação de Privilégios]
Pontos0

VoltarVisão GeralPróximo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!