Lucene search
K

33 matches found

CNVD
CNVD
added 2018/07/19 12:0 a.m.2 views

SQL Injection Vulnerability in POSCMS v3.2.0 (Free Edition) R***.php Page

POSCMS PhpOpenSourceCMS is a set of China Tianrui information technology company developed a set of PHP and MySQL-based, open source, cross-platform Web content management system CMS. A SQL injection vulnerability exists in the R.php page of POSCMS v3.2.0 free version, which is caused by the...

7.6AI score
Exploits0
CNVD
CNVD
added 2018/07/19 12:0 a.m.3 views

Arbitrary File Upload Vulnerability in POSCMS v3.2.0 (Free Edition)

POSCMS PhpOpenSourceCMS is a PHP and MySQL based, open source, cross-platform web content management system CMS. POSCMS 3.2.0 free version suffers from an arbitrary file upload vulnerability. An attacker can exploit the vulnerability to write files and execute arbitrary code to gain server...

8.1AI score
Exploits0
CNVD
CNVD
added 2018/07/18 12:0 a.m.4 views

SQL Injection Vulnerability in POSCMS v3.2.0 (Free Edition) A***.php

POSCMS PhpOpenSourceCMS is a set of China Tianrui information technology company developed a set of PHP and MySQL-based, open source, cross-platform Web content management system CMS. POSCMS v3.2.0 free version A.php suffers from a SQL injection vulnerability, which can be exploited by attackers ...

7.6AI score
Exploits0
CNVD
CNVD
added 2018/05/11 12:0 a.m.2 views

POSCMS Code Execution Vulnerability

POSCMS PhpOpenSourceCMS is a set of China Tianrui information technology company based on PHP and MySQL, open source, cross-platform Web content management system CMS. A security vulnerability exists in POSCMS version 3.2.18. A remote attacker can exploit the vulnerability by using the 'add'...

7.2CVSS7.3AI score0.01521EPSS
Exploits1References1
CNVD
CNVD
added 2018/05/11 12:0 a.m.1 views

POSCMS 'index' function arbitrary code execution vulnerability

POSCMS PhpOpenSourceCMS is a PHP and MySQL based, open source, cross-platform web content management system CMS. A security vulnerability exists in POSCMS version 3.2.10. An attacker can exploit the vulnerability by writing code to the api/ucsso/config.php file with the help of the 'index' functi...

7.2CVSS7AI score0.01521EPSS
Exploits1References1
OSV
OSV
added 2018/04/19 6:29 p.m.3 views

CVE-2018-10235

POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via the diy\module\member\controllers\admin\Setting.php 'index' function because an attacker can control the value of $cache'setting''ucssocfg' in diy\module\member\models\Membermodel.php and write this code into the...

7.2CVSS6.1AI score0.01521EPSS
Exploits1References1
NVD
NVD
added 2018/04/19 6:29 p.m.19 views

CVE-2018-10235

POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via the diy\module\member\controllers\admin\Setting.php 'index' function because an attacker can control the value of $cache'setting''ucssocfg' in diy\module\member\models\Membermodel.php and write this code into the...

7.2CVSS7.4AI score0.01521EPSS
Exploits1References1
Prion
Prion
added 2018/04/19 6:29 p.m.15 views

Arbitrary file deletion

POSCMS 3.2.18 allows remote attackers to execute arbitrary PHP code via the diy\dayrui\controllers\admin\Syscontroller.php 'add' function because an attacker can control the value of $data'name' with no restrictions, and this value is written to the FCPATH.$file file...

6.5CVSS7.4AI score0.01521EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/04/19 6:29 p.m.16 views

CVE-2018-10236

POSCMS 3.2.18 allows remote attackers to execute arbitrary PHP code via the diy\dayrui\controllers\admin\Syscontroller.php 'add' function because an attacker can control the value of $data'name' with no restrictions, and this value is written to the FCPATH.$file file...

7.2CVSS7.5AI score0.01521EPSS
Exploits1References1
CVE
CVE
added 2018/04/19 6:0 p.m.43 views

CVE-2018-10236

POSCMS 3.2.18 is affected by a remote PHP code execution in the diy\dayrui\controllers\admin\Syscontroller.php add function, where an attacker can set $data['name'] without restrictions and its value is written to FCPATH.$file. This allows arbitrary PHP code execution on vulnerable servers. The C...

7.2CVSS7.4AI score0.01521EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/04/19 6:0 p.m.40 views

CVE-2018-10235

Summary: CVE-2018-10235 affects POSCMS 3.2.10, allowing remote arbitrary PHP code execution via the diy\module\member\controllers\admin\Setting.php (index) by controlling $cache['setting']['ucssocfg'] in diy\module\member\models\Member_model.php and writing the code into api/ucsso/config.php. Mul...

7.2CVSS7.4AI score0.01521EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/02/06 12:0 a.m.1 views

Code execution vulnerability in poscms version 3.2.0.1204

POSCMS is an open source cross-platform web content management system developed by Php+Mysql. POSCMS version 3.2.0.1204 code execution vulnerability , the program writes to the cache file of the data from the database site information is not sufficiently filtered when taken out , an attacker can ...

7.4AI score
Exploits0
CNVD
CNVD
added 2017/07/10 12:0 a.m.3 views

File Upload Vulnerability for Registered Members of Poscms and finecms

POSCMS is an open source, cross-platform web content management system developed by Php+Mysql; FineCMS is a content management system CMS developed using MVC architecture and PDO database interface. Poscms and finecms registered members of a file upload vulnerability , attackers can use the...

7AI score
Exploits0
Rows per page
Query Builder