Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hongcms project hongcms 3.0.0 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2020-21431
HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit.
Hongcms Project Hongcms 3.0.0
4.8
CVSSv3
CVE-2018-10422
An issue exists in HongCMS 3.0.0. The post news feature has Stored XSS via the content field.
Hongcms Project Hongcms 3.0.0
6.5
CVSSv3
CVE-2019-16867
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. (If the attacker deletes config.php and visits install/index.php, they can reinstall the product.)
Hongcms Project Hongcms 3.0.0
7.2
CVSSv3
CVE-2022-32411
An issue in the languages config file of HongCMS v3.0 allows malicious users to getshell.
Hongcms Project Hongcms 3.0.0
6.1
CVSSv3
CVE-2019-17608
HongCMS 3.0.0 has XSS via the install/index.php dbname parameter.
Hongcms Project Hongcms 3.0.0
6.1
CVSSv3
CVE-2019-17609
HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter.
Hongcms Project Hongcms 3.0.0
6.1
CVSSv3
CVE-2019-17610
HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter.
Hongcms Project Hongcms 3.0.0
6.1
CVSSv3
CVE-2019-17611
HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter.
Hongcms Project Hongcms 3.0.0
7.2
CVSSv3
CVE-2018-13021
An issue exists in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI.
Hongcms Project Hongcms 3.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2