漏洞关键信息 Title: EmpireSoft EmpireCMS <= 8.0 Unrestricted Upload CVE ID: CVE-2025-XXXX Description: - File upload restriction bypass vulnerability in EmpireCMS <= 8.0. - Vulnerability in function of . - Blacklist-based file type validation fails to block dangerous file types like and . - Allows authenticated users to upload Apache/Nginx config files enabling arbitrary PHP code execution. - Leads to Remote Code Execution (RCE) on the server. Source: https://note-hxlab.wetolink.com/share/28QXRLje7Uz1 User: gets (UID 71108) Submission Date: 12/22/2025 Moderation Date: 01/01/2026 Status: Accepted VulDB Entry: 339345 Points: 20