Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hongcms project hongcms 3.0.0 vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2022-32411
An issue in the languages config file of HongCMS v3.0 allows malicious users to getshell.
Hongcms Project Hongcms 3.0.0
7.2
CVSSv3
CVE-2022-32412
An issue in the /template/edit component of HongCMS v3.0 allows malicious users to getshell.
Hongcms Project Hongcms 3.0.0
8.1
CVSSv3
CVE-2022-28523
HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete.
Hongcms Project Hongcms 3.0.0
6.1
CVSSv3
CVE-2018-12266
system\errors\404.php in HongCMS 3.0.0 has XSS via crafted input that triggers a 404 HTTP status code.
Hongcms Project Hongcms 3.0.0
6.1
CVSSv3
CVE-2020-21643
Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows malicious users to run arbitrary code via the callback parameter to /ajax/myshop.
Hongcms Project Hongcms 3.0.0
6.5
CVSSv3
CVE-2019-16867
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. (If the attacker deletes config.php and visits install/index.php, they can reinstall the product.)
Hongcms Project Hongcms 3.0.0
8.8
CVSSv3
CVE-2020-21252
Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote malicious user to execute arbitrary code and escalate privileges via the updateusers parameter.
Hongcms Project Hongcms 3.0.0
6.5
CVSSv3
CVE-2020-21431
HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit.
Hongcms Project Hongcms 3.0.0
4.8
CVSSv3
CVE-2018-10422
An issue exists in HongCMS 3.0.0. The post news feature has Stored XSS via the content field.
Hongcms Project Hongcms 3.0.0
6.1
CVSSv3
CVE-2019-17610
HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter.
Hongcms Project Hongcms 3.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4541
CVE-2024-3080
CVE-2024-4787
log injection
CVE-2024-5967
inject
CVE-2024-30078
CVE-2024-5899
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »