| Название | EmpireCMS <=8.0 Privilege Escalation |
|---|
| Описание | An IP address spoofing vulnerability exists in EmpireCMS <= 8.0. The vulnerability is located in the egetip() function of e/class/connect.php. The function prioritizes user-controllable HTTP headers (HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR) over the reliable REMOTE_ADDR value when determining client IP addresses. This allows unauthenticated remote attackers to bypass IP-based access restrictions, evade brute-force protection mechanisms, and falsify IP addresses recorded in security logs and database records. |
|---|
| Источник | ⚠️ https://note-hxlab.wetolink.com/share/0x74KEtzecFb |
|---|
| Пользователь | gets (UID 71108) |
|---|
| Представление | 22.12.2025 06:36 (4 месяцы назад) |
|---|
| Модерация | 01.01.2026 12:09 (10 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 339344 [EmpireSoft EmpireCMS до 8.0 IP Address e/class/connect.php egetip эскалация привилегий] |
|---|
| Баллы | 20 |
|---|