PT-2018-9775 · Poscms · Poscms
Published
2018-04-19
·
Updated
2018-05-22
·
CVE-2018-10235
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
POSCMS version 3.2.10
Description:
The issue allows remote attackers to execute arbitrary PHP code. This is possible because an attacker can control the value of
cache['setting']['ucssocfg'] in diymodulemembermodelsMember model.php and write this code into the "api/ucsso/config.php" file through the 'index' function in diymodulemembercontrollersadminSetting.php.Recommendations:
For POSCMS version 3.2.10, consider disabling the
index function in diymodulemembercontrollersadminSetting.php as a temporary workaround until a patch is available. Restrict access to the diymodulemembermodelsMember model.php model to minimize the risk of exploitation. Avoid using the cache['setting']['ucssocfg'] variable in the affected code until the issue is resolved.Exploit
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Poscms