Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hongcms project hongcms 3.0.0 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2018-12912
An issue wan discovered in admin\controllers\database.php in HongCMS 3.0.0. There is a SQL Injection vulnerability via an admin/index.php/database/operate?dbaction=emptytable&tablename= URI.
Hongcms Project Hongcms 3.0.0
1 EDB exploit
6.5
CVSSv2
CVE-2022-32411
An issue in the languages config file of HongCMS v3.0 allows malicious users to getshell.
Hongcms Project Hongcms 3.0.0
6.5
CVSSv2
CVE-2022-32412
An issue in the /template/edit component of HongCMS v3.0 allows malicious users to getshell.
Hongcms Project Hongcms 3.0.0
NA
CVE-2020-21252
Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote malicious user to execute arbitrary code and escalate privileges via the updateusers parameter.
Hongcms Project Hongcms 3.0.0
5.5
CVSSv2
CVE-2019-8407
HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI.
Hongcms Project Hongcms 3.0.0
6.4
CVSSv2
CVE-2018-16774
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete.
Hongcms Project Hongcms 3.0.0
4.3
CVSSv2
CVE-2018-12266
system\errors\404.php in HongCMS 3.0.0 has XSS via crafted input that triggers a 404 HTTP status code.
Hongcms Project Hongcms 3.0.0
6.8
CVSSv2
CVE-2018-10265
An issue exists in HongCMS v3.0.0. There is a CSRF vulnerability that can add an administrator account via the admin/index.php/users/save URI.
Hongcms Project Hongcms 3.0.0
4.3
CVSSv2
CVE-2019-17607
HongCMS 3.0.0 has XSS via the install/index.php servername parameter.
Hongcms Project Hongcms 3.0.0
4.3
CVSSv2
CVE-2019-17608
HongCMS 3.0.0 has XSS via the install/index.php dbname parameter.
Hongcms Project Hongcms 3.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site request forgery
CVE-2024-34351
CVE-2024-1076
CVE-2024-25522
CVE-2024-34547
CVE-2024-4644
unauthorized
remote
CVE-2024-4671
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »