PT-2026-1039 · Empiresoft · Empirecms
Gets
·
Publicado
2026-01-02
·
Atualizado
2026-01-07
·
CVE-2025-15422
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
EmpireSoft EmpireCMS versions up to 8.0
Description
A security issue exists in EmpireSoft EmpireCMS related to the IP Address Handler component. The issue resides in the
egetip function within the e/class/connect.php file. This flaw results in a failure of protection mechanisms. The attack can be initiated remotely. The exploit for this issue has been published. The vendor was notified but did not respond.Recommendations
Versions prior to 8.0 should be updated. As a temporary workaround, consider restricting access to the
e/class/connect.php file to minimize the risk of exploitation.Exploit
Correção
Protection Mechanism Failure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Empirecms