Stored Cross-Site Scripting (XSS) vulnerability in POSCMS v4.6.2, allows attackers to execute arbitrary code via a crafted payload to...
5.4CVSS
5.2AI Score
0.0005EPSS
POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via the diy\module\member\controllers\admin\Setting.php 'index' function because an attacker can control the value of $cache['setting']['ucssocfg'] in diy\module\member\models\Member_model.php and write this code into the...
7.2CVSS
7.4AI Score
0.004EPSS
POSCMS 3.2.18 allows remote attackers to execute arbitrary PHP code via the diy\dayrui\controllers\admin\Syscontroller.php 'add' function because an attacker can control the value of $data['name'] with no restrictions, and this value is written to the FCPATH.$file...
7.2CVSS
7.4AI Score
0.004EPSS