phpkaiyuancms PhpOpenSourceCMS (POSCMS) V3.2.0 allows an unauthenticated user to execute arbitrary SQL commands via the diy/module/member/controllers/Api.php ajax_save_draft function with the dir parameter.
References
| Link | Resource |
|---|---|
| https://github.com/howchen/howchen/issues/3 | Exploit, Third Party Advisory |
History
No history.
Information
Published : 2018-08-31 16:29
Updated : 2023-12-10 12:44
NVD link : CVE-2018-16278
Mitre link : CVE-2018-16278
CVE.ORG link : CVE-2018-16278
Products Affected
phpkaiyuancms
- phpopensourcecms
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')