Vulnerabilities > Hongcms Project

DATE CVE VULNERABILITY TITLE RISK
2022-04-26 CVE-2022-28523 Path Traversal vulnerability in Hongcms Project Hongcms 3.0.0
HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete.
network
low complexity
hongcms-project CWE-22
5.5
2021-10-04 CVE-2020-21431 Unspecified vulnerability in Hongcms Project Hongcms 3.0.0
HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit.
network
low complexity
hongcms-project
5.5
2021-05-18 CVE-2020-18178 Path Traversal vulnerability in Hongcms Project Hongcms 4.0.0
Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit, and delete arbitrary files via a crafted POST request to the component "/hcms/admin/index.php/language/ajax."
network
low complexity
hongcms-project CWE-22
7.5
2019-10-16 CVE-2019-17611 Cross-site Scripting vulnerability in Hongcms Project Hongcms 3.0.0
HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter.
4.3
2019-10-16 CVE-2019-17610 Cross-site Scripting vulnerability in Hongcms Project Hongcms 3.0.0
HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter.
4.3
2019-10-16 CVE-2019-17609 Cross-site Scripting vulnerability in Hongcms Project Hongcms 3.0.0
HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter.
4.3
2019-10-16 CVE-2019-17608 Cross-site Scripting vulnerability in Hongcms Project Hongcms 3.0.0
HongCMS 3.0.0 has XSS via the install/index.php dbname parameter.
4.3
2019-10-16 CVE-2019-17607 Cross-site Scripting vulnerability in Hongcms Project Hongcms 3.0.0
HongCMS 3.0.0 has XSS via the install/index.php servername parameter.
4.3
2019-09-25 CVE-2019-16867 Improper Input Validation vulnerability in Hongcms Project Hongcms 3.0.0
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774.
network
low complexity
hongcms-project CWE-20
5.5
2019-02-17 CVE-2019-8407 Path Traversal vulnerability in Hongcms Project Hongcms 3.0.0
HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI.
network
low complexity
hongcms-project CWE-22
5.5