CVE-2018-20300

Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm action because this code is injected into a memberform.$fid.php file. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt