MidnightBSD

Advisories for phpkaiyuancms

CVE-2018-16278 HIGH

phpkaiyuancms PhpOpenSourceCMS (POSCMS) V3.2.0 allows an unauthenticated user to execute arbitrary SQL commands via the diy/module/member/controllers/Api.php ajax_save_draft function with the dir parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89

Products Affected

Vendor         Product           Version
phpkaiyuancms  phpopensourcecms  3.2.0