CVE-2018-16278

POSCMS (PhpOpenSourceCMS) v3.2.0 presents an SQL injection in the diy/module/member/controllers/Api.php ajax_save_draft endpoint through the dir parameter. The flaw allows unauthenticated remote attackers to execute arbitrary SQL commands, as described in CNVD-2018-19418 and corroborated by CVE-2...