7.5

CVE-2025-15422

Exploit

EmpireSoft EmpireCMS IP Address connect.php egetip protection mechanism

A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. This manipulation causes protection mechanism failure. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhomeEmpirecms Version <= 8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.07% 0.603
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
cna@vuldb.com 5.5 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
cna@vuldb.com 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-693 Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

https://vuldb.com/?id.339344
Third Party Advisory
VDB Entry
https://vuldb.com/?ctiid.339344
VDB Entry
Permissions Required
https://vuldb.com/?submit.721344
Third Party Advisory
VDB Entry
https://note-hxlab.wetolink.com/share/0x74KEtzecFb
Third Party Advisory
Exploit
https://note-hxlab.wetolink.com/share/0x74KEtzecFb#-span--strong-proof-of-concept---strong---span-
Third Party Advisory
Exploit