2 matches found
CVE-2018-10235
POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via the diy\module\member\controllers\admin\Setting.php 'index' function because an attacker can control the value of $cache'setting''ucssocfg' in diy\module\member\models\Membermodel.php and write this code into the...
CVE-2018-10235
Summary: CVE-2018-10235 affects POSCMS 3.2.10, allowing remote arbitrary PHP code execution via the diy\module\member\controllers\admin\Setting.php (index) by controlling $cache['setting']['ucssocfg'] in diy\module\member\models\Member_model.php and writing the code into api/ucsso/config.php. Mul...