CVE-2018-6880
MEDIUMPhome Empirecms < 7.2 - Exposure to Wrong Actor
Title source: ruleDescription
EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full path via an array value for a parameter to class/connect.php.
Scores
CVSS v3
5.3
EPSS
0.0033
EPSS Percentile
55.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Classification
CWE
CWE-668
Status
published
Affected Products (1)
phome/empirecms
< 7.2
Timeline
Published
Feb 12, 2018
Tracked Since
Feb 18, 2026