Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hongcms project hongcms 3.0.0 vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-17609
HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter.
Hongcms Project Hongcms 3.0.0
7.5
CVSSv3
CVE-2018-16774
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete.
Hongcms Project Hongcms 3.0.0
6.1
CVSSv3
CVE-2018-12266
system\errors\404.php in HongCMS 3.0.0 has XSS via crafted input that triggers a 404 HTTP status code.
Hongcms Project Hongcms 3.0.0
6.5
CVSSv3
CVE-2019-16867
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. (If the attacker deletes config.php and visits install/index.php, they can reinstall the product.)
Hongcms Project Hongcms 3.0.0
7.2
CVSSv3
CVE-2018-12912
An issue wan discovered in admin\controllers\database.php in HongCMS 3.0.0. There is a SQL Injection vulnerability via an admin/index.php/database/operate?dbaction=emptytable&tablename= URI.
Hongcms Project Hongcms 3.0.0
1 EDB exploit
7.2
CVSSv3
CVE-2018-13021
An issue exists in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI.
Hongcms Project Hongcms 3.0.0
8.1
CVSSv3
CVE-2022-28523
HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete.
Hongcms Project Hongcms 3.0.0
6.5
CVSSv3
CVE-2020-21431
HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit.
Hongcms Project Hongcms 3.0.0
6.1
CVSSv3
CVE-2020-21643
Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows malicious users to run arbitrary code via the callback parameter to /ajax/myshop.
Hongcms Project Hongcms 3.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32886
insecure direct object reference
CVE-2024-34342
file inclusion
CVE-2024-34562
CVE-2024-34347
CVE-2024-26026
CVE-2024-4647
unprivileged
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2