cbcvebase.

Hongcms Project Hongcms vulnerabilities

20 known vulnerabilities affecting hongcms_project/hongcms.

Total CVEs
20
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH8MEDIUM11

Vulnerabilities

Page 1 of 1
CVE-2018-12912P3HIGHCVSS 7.2PoCv3.0.02018-06-27
CVE-2018-12912 [HIGH] CWE-89 CVE-2018-12912: An issue wan discovered in admin\controllers\database.php in HongCMS 3.0.0. There is a SQL Injection An issue wan discovered in admin\controllers\database.php in HongCMS 3.0.0. There is a SQL Injection vulnerability via an admin/index.php/database/operate?dbaction=emptytable&tablename= URI.
nvd
CVE-2020-18178P3CRITICALCVSS 9.8v4.0.02021-05-18
CVE-2020-18178 [CRITICAL] CWE-22 CVE-2020-18178: Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit, and delete arbitrary files v Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit, and delete arbitrary files via a crafted POST request to the component "/hcms/admin/index.php/language/ajax."
nvd
CVE-2020-21252P3HIGHCVSS 8.8v3.0.02023-06-20
CVE-2020-21252 [HIGH] CWE-352 CVE-2020-21252: Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter.
nvd
CVE-2022-28523P3HIGHCVSS 8.1v3.0.02022-04-26
CVE-2022-28523 [HIGH] CWE-22 CVE-2022-28523: HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete.
nvd
CVE-2018-16774P3HIGHCVSS 7.5v3.0.02018-09-10
CVE-2018-16774 [HIGH] CWE-22 CVE-2018-16774: HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/lang HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete.
nvd
CVE-2018-13021P3HIGHCVSS 7.2v3.0.02018-06-29
CVE-2018-13021 [HIGH] CWE-434 CVE-2018-13021: An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can re An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI.
nvd
CVE-2022-32411P3HIGHCVSS 7.2v3.0.02022-07-01
CVE-2022-32411 [HIGH] CVE-2022-32411: An issue in the languages config file of HongCMS v3.0 allows attackers to getshell. An issue in the languages config file of HongCMS v3.0 allows attackers to getshell.
nvd
CVE-2022-32412P3HIGHCVSS 7.2v3.0.02022-07-01
CVE-2022-32412 [HIGH] CVE-2022-32412: An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell. An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell.
nvd
CVE-2019-16867P4MEDIUMCVSS 6.5v3.0.02019-09-25
CVE-2019-16867 [MEDIUM] CVE-2019-16867: HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/data HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. (If the attacker deletes config.php and visits install/index.php, they can reinstall the product.)
nvd
CVE-2020-21431P4MEDIUMCVSS 6.5v3.0.02021-10-04
CVE-2020-21431 [MEDIUM] CVE-2020-21431: HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.p HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit.
nvd
CVE-2018-10265P4HIGHCVSS 8.8v3.0.02018-04-22
CVE-2018-10265 [HIGH] CWE-352 CVE-2018-10265: An issue was discovered in HongCMS v3.0.0. There is a CSRF vulnerability that can add an administrat An issue was discovered in HongCMS v3.0.0. There is a CSRF vulnerability that can add an administrator account via the admin/index.php/users/save URI.
nvd
CVE-2019-8407P4MEDIUMCVSS 6.5v3.0.02019-02-17
CVE-2019-8407 [MEDIUM] CWE-22 CVE-2019-8407: HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI.
nvd
CVE-2019-17608P4MEDIUMCVSS 6.1v3.0.02019-10-16
CVE-2019-17608 [MEDIUM] CWE-79 CVE-2019-17608: HongCMS 3.0.0 has XSS via the install/index.php dbname parameter. HongCMS 3.0.0 has XSS via the install/index.php dbname parameter.
nvd
CVE-2019-17609P4MEDIUMCVSS 6.1v3.0.02019-10-16
CVE-2019-17609 [MEDIUM] CWE-79 CVE-2019-17609: HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter. HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter.
nvd
CVE-2019-17607P4MEDIUMCVSS 6.1v3.0.02019-10-16
CVE-2019-17607 [MEDIUM] CWE-79 CVE-2019-17607: HongCMS 3.0.0 has XSS via the install/index.php servername parameter. HongCMS 3.0.0 has XSS via the install/index.php servername parameter.
nvd
CVE-2019-17611P4MEDIUMCVSS 6.1v3.0.02019-10-16
CVE-2019-17611 [MEDIUM] CWE-79 CVE-2019-17611: HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter. HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter.
nvd
CVE-2019-17610P4MEDIUMCVSS 6.1v3.0.02019-10-16
CVE-2019-17610 [MEDIUM] CWE-79 CVE-2019-17610: HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter. HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter.
nvd
CVE-2018-12266P4MEDIUMCVSS 6.1v3.0.02018-06-13
CVE-2018-12266 [MEDIUM] CWE-79 CVE-2018-12266: system\errors\404.php in HongCMS 3.0.0 has XSS via crafted input that triggers a 404 HTTP status cod system\errors\404.php in HongCMS 3.0.0 has XSS via crafted input that triggers a 404 HTTP status code.
nvd
CVE-2020-21643P4MEDIUMCVSS 6.1v3.0.02023-04-28
CVE-2020-21643 [MEDIUM] CWE-79 CVE-2020-21643: Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via t Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via the callback parameter to /ajax/myshop.
nvd
CVE-2018-10422P4MEDIUMCVSS 4.8v3.0.02018-04-26
CVE-2018-10422 [MEDIUM] CWE-79 CVE-2018-10422: An issue was discovered in HongCMS 3.0.0. The post news feature has Stored XSS via the content field An issue was discovered in HongCMS 3.0.0. The post news feature has Stored XSS via the content field.
nvd
Hongcms Project Hongcms vulnerabilities | cvebase