Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hongcms project hongcms 3.0.0 vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2019-17610
HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter.
Hongcms Project Hongcms 3.0.0
383
VMScore
CVE-2019-17609
HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter.
Hongcms Project Hongcms 3.0.0
578
VMScore
CVE-2022-32411
An issue in the languages config file of HongCMS v3.0 allows malicious users to getshell.
Hongcms Project Hongcms 3.0.0
578
VMScore
CVE-2022-32412
An issue in the /template/edit component of HongCMS v3.0 allows malicious users to getshell.
Hongcms Project Hongcms 3.0.0
490
VMScore
CVE-2019-16867
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. (If the attacker deletes config.php and visits install/index.php, they can reinstall the product.)
Hongcms Project Hongcms 3.0.0
490
VMScore
CVE-2019-8407
HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI.
Hongcms Project Hongcms 3.0.0
383
VMScore
CVE-2019-17611
HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter.
Hongcms Project Hongcms 3.0.0
570
VMScore
CVE-2018-16774
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete.
Hongcms Project Hongcms 3.0.0
NA
CVE-2020-21643
Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows malicious users to run arbitrary code via the callback parameter to /ajax/myshop.
Hongcms Project Hongcms 3.0.0
490
VMScore
CVE-2022-28523
HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete.
Hongcms Project Hongcms 3.0.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »