33 matches found
EUVD-2018-2310
Malware in sbrugna...
EUVD-2024-20104
Malicious code in bioql PyPI...
CVE-2024-22569
Stored Cross-Site Scripting XSS vulnerability in POSCMS v4.6.2, allows attackers to execute arbitrary code via a crafted payload to /index.php?c=install&m=index&step=2&isinstalldb=0...
CVE-2024-22569
Stored Cross-Site Scripting XSS vulnerability in POSCMS v4.6.2, allows attackers to execute arbitrary code via a crafted payload to /index.php?c=install&m=index&step=2&isinstalldb=0...
CVE-2024-22569
Stored Cross-Site Scripting XSS vulnerability in POSCMS v4.6.2, allows attackers to execute arbitrary code via a crafted payload to /index.php?c=install&m=index&step=2&isinstalldb=0...
Cross site scripting
Stored Cross-Site Scripting XSS vulnerability in POSCMS v4.6.2, allows attackers to execute arbitrary code via a crafted payload to /index.php?c=install&m=index&step=2&isinstalldb=0...
CVE-2024-22569
POSCMS v4.6.2 contains a Stored XSS vulnerability. A crafted payload to /index.php?c=install&m=index&step=2&is_install_db=0 can cause arbitrary code execution. The connected PT-2024-19489 advisory notes a workaround to restrict access to that endpoint until a patch is available; no patch/version ...
POSCMS Security Breach
POSCMS is a content management system. A security vulnerability exists in POSCMS version v4.6.2. An attacker can exploit the vulnerability by executing arbitrary code via a specially crafted payload to /index.php?c=install&m=index&step=2&isinstalldb=0...
CVE-2024-22569
Stored Cross-Site Scripting XSS vulnerability in POSCMS v4.6.2, allows attackers to execute arbitrary code via a crafted payload to /index.php?c=install&m=index&step=2&isinstalldb=0...
CVE-2024-22569
Stored Cross-Site Scripting XSS vulnerability in POSCMS v4.6.2, allows attackers to execute arbitrary code via a crafted payload to /index.php?c=install&m=index&step=2&isinstalldb=0...
PT-2024-19489 · Poscms · Poscms
Name of the Vulnerable Software and Affected Versions: POSCMS version 4.6.2 Description: A Stored Cross-Site Scripting XSS issue allows attackers to execute arbitrary code via a crafted payload to "/index.php?c=install&m=index&step=2&is_install_db=0". This enables attackers to inject malicious...
Arbitrary File Read, File Write Vulnerabilities in POSCMS
POSCMS is an open source cross-platform web content management system developed with PHP and MySQL. POSCMS has arbitrary file read and file write vulnerabilities; an attacker can use them to read any file, to obtain control of the web server...
File Upload Vulnerability in POSCMS
POSCMS is an open source cross-platform web content management system developed by Php+Mysql. POSCMS v3.2.0 free version has a file upload vulnerability that can be exploited by an attacker to upload files with unlimited Getshell...
phpkaiyuancms PhpOpenSourceCMS SQL Injection Vulnerability
phpkaiyuancms PhpOpenSourceCMS POSCMS is a PHP and MySQL based, cross-platform, open source web content management system CMS. A SQL injection vulnerability exists in POSCMS version 3.2.0, which can be exploited by remote attackers to execute arbitrary SQL commands with the help of the 'dir'...
Sql injection
phpkaiyuancms PhpOpenSourceCMS POSCMS V3.2.0 allows an unauthenticated user to execute arbitrary SQL commands via the diy/module/member/controllers/Api.php ajaxsavedraft function with the dir parameter...
CVE-2018-16278
phpkaiyuancms PhpOpenSourceCMS POSCMS V3.2.0 allows an unauthenticated user to execute arbitrary SQL commands via the diy/module/member/controllers/Api.php ajaxsavedraft function with the dir parameter...
CVE-2018-16278
phpkaiyuancms PhpOpenSourceCMS POSCMS V3.2.0 allows an unauthenticated user to execute arbitrary SQL commands via the diy/module/member/controllers/Api.php ajaxsavedraft function with the dir parameter...
CVE-2018-16278
POSCMS (PhpOpenSourceCMS) v3.2.0 presents an SQL injection in the diy/module/member/controllers/Api.php ajax_save_draft endpoint through the dir parameter. The flaw allows unauthenticated remote attackers to execute arbitrary SQL commands, as described in CNVD-2018-19418 and corroborated by CVE-2...
Arbitrary File Deletion Vulnerability in POSCMS v3.2.0
POSCMS is an open source cross-platform web content management system developed with PHP and MySQL. POSCMS v3.2.0 has an arbitrary file deletion vulnerability; an attacker can exploit the vulnerability to delete arbitrary files...
Code Execution Vulnerability in POSCMS v3.2.0 (Free Edition)
POSCMS PhpOpenSourceCMS is a PHP and MySQL based, open source, cross-platform web content management system CMS. A code execution vulnerability exists in POSCMS v3.2.0 free version. The vulnerability is due to improper filtering of user input in the background, an attacker can exploit the...