CVE-2018-19462

Publication date

2019-06-07 16:44:09

Family

mitre

State

PUBLISHED

Description

admindbDoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php.