CVE-2018-20300

Name of the Vulnerable Software and Affected Versions Empire CMS version 7.5

Description The issue allows remote attackers to execute arbitrary PHP code. This is achieved by injecting code into a memberform.$fid.php file via the ftemp parameter in an "enews=EditMemberForm" action.

Recommendations For Empire CMS version 7.5, avoid using the ftemp parameter in the "enews=EditMemberForm" action until the issue is resolved. As a temporary workaround, consider restricting access to the memberform.$fid.php file to minimize the risk of exploitation.