High severity7.2NVD Advisory· Published Apr 19, 2018· Updated Jun 17, 2026
CVE-2018-10236
CVE-2018-10236
Description
POSCMS 3.2.18 allows remote attackers to execute arbitrary PHP code via the diy\dayrui\controllers\admin\Syscontroller.php 'add' function because an attacker can control the value of $data['name'] with no restrictions, and this value is written to the FCPATH.$file file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
1- github.com/myndtt/vulnerability/blob/master/poscms/3-2-18.mdnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.