CVE-2018-16278

phpkaiyuancms PhpOpenSourceCMS (POSCMS) V3.2.0 allows an unauthenticated user to execute arbitrary SQL commands via the diy/module/member/controllers/Api.php ajax_save_draft function with the dir parameter.
References
Link Resource
https://github.com/howchen/howchen/issues/3 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:phpkaiyuancms:phpopensourcecms:3.2.0:*:*:*:*:*:*:*

Information

Published : 2018-08-31 04:29

Updated : 2018-10-23 08:17


NVD link : CVE-2018-16278

Mitre link : CVE-2018-16278

Products Affected
No products.
CWE