Skip to main content

Poscms

3 CVEs product

Monthly

CVE-2024-22569 MEDIUM POC This Month

Stored Cross-Site Scripting (XSS) vulnerability in POSCMS v4.6.2, allows attackers to execute arbitrary code via a crafted payload to /index.php?c=install&m=index&step=2&is_install_db=0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Poscms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2018-10236 HIGH POC This Week

POSCMS 3.2.18 allows remote attackers to execute arbitrary PHP code via the diy\dayrui\controllers\admin\Syscontroller.php 'add' function because an attacker can control the value of $data['name']. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Poscms
NVD GitHub
CVSS 3.0
7.2
EPSS
1.5%
CVE-2018-10235 HIGH POC This Week

POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via the diy\module\member\controllers\admin\Setting.php 'index' function because an attacker can control the value of. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Poscms
NVD GitHub
CVSS 3.0
7.2
EPSS
1.5%
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Stored Cross-Site Scripting (XSS) vulnerability in POSCMS v4.6.2, allows attackers to execute arbitrary code via a crafted payload to /index.php?c=install&m=index&step=2&is_install_db=0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS +1
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

POSCMS 3.2.18 allows remote attackers to execute arbitrary PHP code via the diy\dayrui\controllers\admin\Syscontroller.php 'add' function because an attacker can control the value of $data['name']. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP +1
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via the diy\module\member\controllers\admin\Setting.php 'index' function because an attacker can control the value of. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy