33 matches found
SQL Injection Vulnerability in POSCMS v3.2.0 (Free Edition) R***.php Page
POSCMS PhpOpenSourceCMS is a set of China Tianrui information technology company developed a set of PHP and MySQL-based, open source, cross-platform Web content management system CMS. A SQL injection vulnerability exists in the R.php page of POSCMS v3.2.0 free version, which is caused by the...
Arbitrary File Upload Vulnerability in POSCMS v3.2.0 (Free Edition)
POSCMS PhpOpenSourceCMS is a PHP and MySQL based, open source, cross-platform web content management system CMS. POSCMS 3.2.0 free version suffers from an arbitrary file upload vulnerability. An attacker can exploit the vulnerability to write files and execute arbitrary code to gain server...
SQL Injection Vulnerability in POSCMS v3.2.0 (Free Edition) A***.php
POSCMS PhpOpenSourceCMS is a set of China Tianrui information technology company developed a set of PHP and MySQL-based, open source, cross-platform Web content management system CMS. POSCMS v3.2.0 free version A.php suffers from a SQL injection vulnerability, which can be exploited by attackers ...
POSCMS Code Execution Vulnerability
POSCMS PhpOpenSourceCMS is a set of China Tianrui information technology company based on PHP and MySQL, open source, cross-platform Web content management system CMS. A security vulnerability exists in POSCMS version 3.2.18. A remote attacker can exploit the vulnerability by using the 'add'...
POSCMS 'index' function arbitrary code execution vulnerability
POSCMS PhpOpenSourceCMS is a PHP and MySQL based, open source, cross-platform web content management system CMS. A security vulnerability exists in POSCMS version 3.2.10. An attacker can exploit the vulnerability by writing code to the api/ucsso/config.php file with the help of the 'index' functi...
CVE-2018-10235
POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via the diy\module\member\controllers\admin\Setting.php 'index' function because an attacker can control the value of $cache'setting''ucssocfg' in diy\module\member\models\Membermodel.php and write this code into the...
CVE-2018-10235
POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via the diy\module\member\controllers\admin\Setting.php 'index' function because an attacker can control the value of $cache'setting''ucssocfg' in diy\module\member\models\Membermodel.php and write this code into the...
Arbitrary file deletion
POSCMS 3.2.18 allows remote attackers to execute arbitrary PHP code via the diy\dayrui\controllers\admin\Syscontroller.php 'add' function because an attacker can control the value of $data'name' with no restrictions, and this value is written to the FCPATH.$file file...
CVE-2018-10236
POSCMS 3.2.18 allows remote attackers to execute arbitrary PHP code via the diy\dayrui\controllers\admin\Syscontroller.php 'add' function because an attacker can control the value of $data'name' with no restrictions, and this value is written to the FCPATH.$file file...
CVE-2018-10236
POSCMS 3.2.18 is affected by a remote PHP code execution in the diy\dayrui\controllers\admin\Syscontroller.php add function, where an attacker can set $data['name'] without restrictions and its value is written to FCPATH.$file. This allows arbitrary PHP code execution on vulnerable servers. The C...
CVE-2018-10235
Summary: CVE-2018-10235 affects POSCMS 3.2.10, allowing remote arbitrary PHP code execution via the diy\module\member\controllers\admin\Setting.php (index) by controlling $cache['setting']['ucssocfg'] in diy\module\member\models\Member_model.php and writing the code into api/ucsso/config.php. Mul...
Code execution vulnerability in poscms version 3.2.0.1204
POSCMS is an open source cross-platform web content management system developed by Php+Mysql. POSCMS version 3.2.0.1204 code execution vulnerability , the program writes to the cache file of the data from the database site information is not sufficiently filtered when taken out , an attacker can ...
File Upload Vulnerability for Registered Members of Poscms and finecms
POSCMS is an open source, cross-platform web content management system developed by Php+Mysql; FineCMS is a content management system CMS developed using MVC architecture and PDO database interface. Poscms and finecms registered members of a file upload vulnerability , attackers can use the...