33 matches found
EUVD-2018-2310
Malware in sbrugna...
EUVD-2024-20104
Malicious code in bioql PyPI...
CVE-2024-22569
Stored Cross-Site Scripting XSS vulnerability in POSCMS v4.6.2, allows attackers to execute arbitrary code via a crafted payload to /index.php?c=install&m=index&step=2&isinstalldb=0...
CVE-2024-22569
Stored Cross-Site Scripting XSS vulnerability in POSCMS v4.6.2, allows attackers to execute arbitrary code via a crafted payload to /index.php?c=install&m=index&step=2&isinstalldb=0...
Cross site scripting
Stored Cross-Site Scripting XSS vulnerability in POSCMS v4.6.2, allows attackers to execute arbitrary code via a crafted payload to /index.php?c=install&m=index&step=2&isinstalldb=0...
CVE-2024-22569
POSCMS v4.6.2 contains a Stored XSS vulnerability. A crafted payload to /index.php?c=install&m=index&step=2&is_install_db=0 can cause arbitrary code execution. The connected PT-2024-19489 advisory notes a workaround to restrict access to that endpoint until a patch is available; no patch/version ...
POSCMS Security Breach
POSCMS is a content management system. A security vulnerability exists in POSCMS version v4.6.2. An attacker can exploit the vulnerability by executing arbitrary code via a specially crafted payload to /index.php?c=install&m=index&step=2&isinstalldb=0...
PT-2024-19489 · Poscms · Poscms
Name of the Vulnerable Software and Affected Versions: POSCMS version 4.6.2. Description: A Stored Cross-Site Scripting XSS issue allows attackers to execute arbitrary code via a crafted payload to "/index.php?c=install&m=index&step=2&is_install_db=0". This enables attackers to inject malicious...
Arbitrary File Read, File Write Vulnerabilities in POSCMS
POSCMS is an open source, cross-platform web content management system built with PHP and MySQL. POSCMS has arbitrary file read and file write vulnerabilities; an attacker can use them to read any file, to obtain control of the web server...
File Upload Vulnerability in POSCMS
POSCMS is an open source, cross-platform web content management system built with PHP and MySQL. The POSCMS v3.2.0 free version has a file upload vulnerability that can be exploited by an attacker to upload files with unlimited Getshell...
phpkaiyuancms PhpOpenSourceCMS SQL Injection Vulnerability
phpkaiyuancms PhpOpenSourceCMS POSCMS is a PHP and MySQL based, cross-platform, open source web content management system CMS. A SQL injection vulnerability exists in POSCMS version 3.2.0, which can be exploited by remote attackers to execute arbitrary SQL commands with the help of the 'dir'...
CVE-2018-16278
phpkaiyuancms PhpOpenSourceCMS POSCMS V3.2.0 allows an unauthenticated user to execute arbitrary SQL commands via the diy/module/member/controllers/Api.php ajax_save_draft function with the dir parameter...
SQL injection
phpkaiyuancms PhpOpenSourceCMS POSCMS V3.2.0 allows an unauthenticated user to execute arbitrary SQL commands via the diy/module/member/controllers/Api.php ajax_save_draft function with the dir parameter...
CVE-2018-16278
POSCMS (PhpOpenSourceCMS) v3.2.0 presents an SQL injection in the diy/module/member/controllers/Api.php ajax_save_draft endpoint through the dir parameter. The flaw allows unauthenticated remote attackers to execute arbitrary SQL commands, as described in CNVD-2018-19418 and corroborated by CVE-2...
Arbitrary File Deletion Vulnerability in POSCMS v3.2.0
POSCMS is an open source, cross-platform web content management system built with PHP and MySQL. POSCMS v3.2.0 has an arbitrary file deletion vulnerability; an attacker can exploit the vulnerability to delete arbitrary files...
Code Execution Vulnerability in POSCMS v3.2.0 (Free Edition)
POSCMS PhpOpenSourceCMS is a PHP and MySQL based, open source, cross-platform web content management system CMS. A code execution vulnerability exists in POSCMS v3.2.0 free version. The vulnerability is due to improper filtering of user input in the background, an attacker can exploit the...