Vulnerabilities > Hongcms Project

DATE CVE VULNERABILITY TITLE RISK
2023-06-20 CVE-2020-21252 Cross-Site Request Forgery (CSRF) vulnerability in Hongcms Project Hongcms 3.0.0
Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter.
network
low complexity
hongcms-project CWE-352
8.8
2023-04-28 CVE-2020-21643 Cross-site Scripting vulnerability in Hongcms Project Hongcms 3.0.0
Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via the callback parameter to /ajax/myshop.
network
low complexity
hongcms-project CWE-79
6.1
2022-07-01 CVE-2022-32411 Unspecified vulnerability in Hongcms Project Hongcms 3.0.0
An issue in the languages config file of HongCMS v3.0 allows attackers to getshell.
network
low complexity
hongcms-project
7.2
2022-07-01 CVE-2022-32412 Unspecified vulnerability in Hongcms Project Hongcms 3.0.0
An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell.
network
low complexity
hongcms-project
7.2
2022-04-26 CVE-2022-28523 Path Traversal vulnerability in Hongcms Project Hongcms 3.0.0
HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete.
network
low complexity
hongcms-project CWE-22
8.1
2021-10-04 CVE-2020-21431 Unspecified vulnerability in Hongcms Project Hongcms 3.0.0
HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit.
network
low complexity
hongcms-project
6.5
2021-05-18 CVE-2020-18178 Path Traversal vulnerability in Hongcms Project Hongcms 4.0.0
Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit, and delete arbitrary files via a crafted POST request to the component "/hcms/admin/index.php/language/ajax."
network
low complexity
hongcms-project CWE-22
critical
9.8
2019-10-16 CVE-2019-17611 Cross-site Scripting vulnerability in Hongcms Project Hongcms 3.0.0
HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter.
network
low complexity
hongcms-project CWE-79
6.1
2019-10-16 CVE-2019-17610 Cross-site Scripting vulnerability in Hongcms Project Hongcms 3.0.0
HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter.
network
low complexity
hongcms-project CWE-79
6.1
2019-10-16 CVE-2019-17609 Cross-site Scripting vulnerability in Hongcms Project Hongcms 3.0.0
HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter.
network
low complexity
hongcms-project CWE-79
6.1