CVE-2018-10236
POSCMS 3.2.18 is affected by a remote PHP code execution in the diy\dayrui\controllers\admin\Syscontroller.php add function, where an attacker can set $data['name'] without restrictions and its value is written to FCPATH.$file. This allows arbitrary PHP code execution on vulnerable servers. The C...