Hongcms Project: >> Hongcms Security Vulnerabilities
Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter.
CVSS Score
8.8
EPSS Score
0.006
Published
2023-06-20
Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via the callback parameter to /ajax/myshop.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-04-28
An issue in the languages config file of HongCMS v3.0 allows attackers to getshell.
CVSS Score
7.2
EPSS Score
0.004
Published
2022-07-01
An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell.
CVSS Score
7.2
EPSS Score
0.004
Published
2022-07-01
HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete.
CVSS Score
8.1
EPSS Score
0.004
Published
2022-04-26
HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit.
CVSS Score
6.5
EPSS Score
0.003
Published
2021-10-04
Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit, and delete arbitrary files via a crafted POST request to the component "/hcms/admin/index.php/language/ajax."
CVSS Score
9.8
EPSS Score
0.018
Published
2021-05-18
HongCMS 3.0.0 has XSS via the install/index.php servername parameter.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php dbname parameter.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-10-16
Page 1