Hongcms Project: >> Hongcms Security Vulnerabilities
HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-10-16
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. (If the attacker deletes config.php and visits install/index.php, they can reinstall the product.)
CVSS Score
6.5
EPSS Score
0.003
Published
2019-09-25
HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI.
CVSS Score
6.5
EPSS Score
0.005
Published
2019-02-17
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete.
CVSS Score
7.5
EPSS Score
0.005
Published
2018-09-10
An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI.
CVSS Score
7.2
EPSS Score
0.014
Published
2018-06-29
An issue wan discovered in admin\controllers\database.php in HongCMS 3.0.0. There is a SQL Injection vulnerability via an admin/index.php/database/operate?dbaction=emptytable&tablename= URI.
CVSS Score
7.2
EPSS Score
0.014
Published
2018-06-27
system\errors\404.php in HongCMS 3.0.0 has XSS via crafted input that triggers a 404 HTTP status code.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-06-13
An issue was discovered in HongCMS 3.0.0. The post news feature has Stored XSS via the content field.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-04-26
An issue was discovered in HongCMS v3.0.0. There is a CSRF vulnerability that can add an administrator account via the admin/index.php/users/save URI.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-04-22