CVE-2025-50515
📋 TL;DR
This vulnerability allows attackers to execute arbitrary code on systems running phome Empirebak 2010 when the vulnerable config.php file is loaded. The issue affects installations with the ebak2008/upload/class/config.php file accessible. Attackers can achieve remote code execution by manipulating this configuration file.
💻 Affected Systems
- phome Empirebak 2010
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control over the web server, allowing data theft, malware deployment, and lateral movement within the network.
Likely Case
Web server compromise leading to defacement, data exfiltration, or deployment of cryptocurrency miners or backdoors.
If Mitigated
Limited impact if proper file permissions and web server configurations prevent unauthorized access to the config file.
🎯 Exploit Status
Exploitation requires the attacker to be able to write to or manipulate the config.php file, which typically requires some level of access or another vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown specific version - remove or secure the vulnerable file
Vendor Advisory: No official vendor advisory found
Restart Required: No
Instructions:
1. Remove or rename the vulnerable file: ebak2008/upload/class/config.php
2. If the file is required, move it outside the web root directory
3. Update any references to use the new secure location
4. Verify the application still functions correctly
🔧 Temporary Workarounds
Restrict File Permissions
Linux/UnixSet strict file permissions to prevent unauthorized write access to the config file
chmod 644 /path/to/ebak2008/upload/class/config.php
chown root:root /path/to/ebak2008/upload/class/config.php
Web Server Access Control
ApacheConfigure web server to deny direct access to the config.php file
<Files "config.php">
Order Allow,Deny
Deny from all
</Files>
🧯 If You Can't Patch
- Implement strict network segmentation to isolate the vulnerable system
- Deploy a web application firewall (WAF) with rules to block access to the vulnerable file path
🔍 How to Verify
Check if Vulnerable:
Check if the file exists at: /path/to/ebak2008/upload/class/config.php and verify its permissions and accessibilityCheck Version:
No standard version command - check application documentation or configuration filesVerify Fix Applied:
Attempt to access the config.php file via web browser or curl to confirm it returns 403/404 error📡 Detection & Monitoring
Log Indicators:
- Access attempts to ebak2008/upload/class/config.php
- Unusual file modifications to config.php
- Suspicious PHP execution patterns
Network Indicators:
- HTTP requests to the vulnerable file path
- Unusual outbound connections from the web server
SIEM Query:
web.url: "*ebak2008/upload/class/config.php*" OR file.path: "*config.php*" AND process.name: "php"