RCE in Phome Empirecms

CVE-2012-5777

Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted template.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.022 (80.4th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References