Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5777

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2012-5777
Last Modified 22 Aug 2013 02:46:52
Published 15 Nov 2012 07:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-5777

Summary

Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted template.

Vulnerable Systems

Application

  • Phome Empirecms 6.6


References

BUGTRAQ - 20121105 [CVE-2012-5777]EmpireCMS Template Parser Remote PHP Code Execution Vulnerability

BID - 56406

XF - empirecms-template-code-execution(79779)

MISC - http://packetstormsecurity.com/files/117902/EmpireCMS-6.6-PHP-Code-Execution.html

MISC - http://packetstormsecurity.org/files/117902/EmpireCMS-6.6-PHP-Code-Execution.html


Last Updated: 27 May 2016 10:44:50