Vulnerabilities
Vulnerable Software
Poscms:  >> Poscms  >> 3.2.10  Security Vulnerabilities
POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via the diy\module\member\controllers\admin\Setting.php 'index' function because an attacker can control the value of $cache['setting']['ucssocfg'] in diy\module\member\models\Member_model.php and write this code into the api/ucsso/config.php file.
CVSS Score
7.2
EPSS Score
0.009
Published
2018-04-19


Contact Us

Shodan ® - All rights reserved