Submeter #721346: EmpireSoft EmpireCMS <= 8.0 Unrestricted Uploadinformação

TítuloEmpireSoft EmpireCMS <= 8.0 Unrestricted Upload
DescriçãoA file upload restriction bypass vulnerability exists in EmpireCMS <= 8.0. The vulnerability is located in the CheckSaveTranFiletype() function of e/class/connect.php. The blacklist-based file type validation fails to block dangerous file types including .htaccess and .user.ini, allowing authenticated users to upload Apache/Nginx configuration files that enable PHP code execution for arbitrary file extensions, ultimately leading to Remote Code Execution on the server.
Fonte⚠️ https://note-hxlab.wetolink.com/share/28QXRLje7Uz1
Utilizador
 gets (UID 71108)
Submissão22/12/2025 06h42 (há 4 meses)
Moderação01/01/2026 12h09 (10 days later)
EstadoAceite
Entrada VulDB339345 [EmpireSoft EmpireCMS até 8.0 e/class/connect.php CheckSaveTranFiletype Elevação de Privilégios]
Pontos20

VoltarVisão GeralPróximo

Do you need the next level of professionalism?

Upgrade your account now!