EmpireSoft EmpireCMS connect.php CheckSaveTranFiletype unrestricted upload_CVE-2025-15423

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-15423

Source VulDB

Published Jan 2, 2026 at 02:02

Affected Product

Vendor EmpireSoft

Product EmpireCMS

Version 8.0

Affected Versions EmpireSoft EmpireCMS 8.0

CWE Classification

CWE-434 CWE-284

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-01-02T02:02:09.580Z",
    "modified": "2026-01-02T02:02:09.580Z",
    "type": "cve",
    "title": "EmpireSoft EmpireCMS connect.php CheckSaveTranFiletype unrestricted upload",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.339345\nhttps://vuldb.com/?ctiid.339345\nhttps://vuldb.com/?submit.721346\nhttps://note-hxlab.wetolink.com/share/28QXRLje7Uz1\nhttps://note-hxlab.wetolink.com/share/28QXRLje7Uz1#-span--strong-proof-of-concept---strong---span-",
    "id": "CVE-2025-15423",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "EmpireSoft EmpireCMS 8.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EmpireCMS",
    "version": "8.0",
    "vendor": "EmpireSoft",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}