High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-08-31	CVE-2018-16278	SQL Injection vulnerability in PHPkaiyuancms PHPopensourcecms 3.2.0 phpkaiyuancms PhpOpenSourceCMS (POSCMS) V3.2.0 allows an unauthenticated user to execute arbitrary SQL commands via the diy/module/member/controllers/Api.php ajax_save_draft function with the dir parameter. network low complexity phpkaiyuancms CWE-89	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.