Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv3

CVE-2018-12912

Published: 27/06/2018 Updated: 20/08/2018
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 655
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Subscribe to Hongcms Project

Vulnerability Summary

An issue wan discovered in admin\controllers\database.php in HongCMS 3.0.0. There is a SQL Injection vulnerability via an admin/index.php/database/operate?dbaction=emptytable&tablename= URI.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

hongcms project hongcms 3.0.0

Exploits

Exploit DB: HongCMS 3.0.0 - (Authenticated) SQL Injection
# Exploit Title: HongCMS 300 - SQL Injection # Google Dork: [if applicable] # Date: 2018/06/26 # Exploit Author: Hzllaga # Vendor Homepage: githubcom/Neeke/HongCMS/ # Software Link: githubcom/Neeke/HongCMS/ # Version: 300 # Tested on: php54 mysql5 # CVE : CVE-2018-12912 POC (Administrator Privilege): /admin/indexphp/databa ...
Exploit DB: HongCMS 3.0.0 SQL Injection
HongCMS version 300 suffers from a remote SQL injection vulnerability ...

References

CWE-89https://github.com/Neeke/HongCMS/issues/4https://www.exploit-db.com/exploits/44953/https://nvd.nist.govhttps://www.exploit-db.com/exploits/44953/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook