Arbitrary PHP Code Execution in POSCMS 3.2.10 via 'index' Function in Setting.php

Arbitrary PHP Code Execution in POSCMS 3.2.10 via 'index' Function in Setting.php

CVE-2018-10235 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via the diy\module\member\controllers\admin\Setting.php 'index' function because an attacker can control the value of $cache['setting']['ucssocfg'] in diy\module\member\models\Member_model.php and write this code into the api/ucsso/config.php file.

Learn more about our Api Penetration Testing.