CVE-2012-5777

Name of the Vulnerable Software and Affected Versions EmpireCMS version 6.6

Description The issue concerns an eval injection vulnerability in the ReplaceListVars function within the template parser, located in e/class/connect.php. This vulnerability allows user-assisted remote attackers to execute arbitrary PHP code by crafting a malicious template.

Recommendations For EmpireCMS version 6.6, consider disabling the ReplaceListVars function in the template parser until a patch is available to prevent the execution of arbitrary PHP code. Restrict access to the template parser to minimize the risk of exploitation.