mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 09:12:08 +00:00
833 B
833 B
CVE-2018-10236
Description
POSCMS 3.2.18 allows remote attackers to execute arbitrary PHP code via the diy\dayrui\controllers\admin\Syscontroller.php 'add' function because an attacker can control the value of $data['name'] with no restrictions, and this value is written to the FCPATH.$file file.
POC
Reference
- https://github.com/myndtt/vulnerability/blob/master/poscms/3-2-18.md
- https://github.com/myndtt/vulnerability/blob/master/poscms/3-2-18.md
Github
No PoCs found on GitHub currently.