Vulnerabilities > Hongcms Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-20 | CVE-2020-21252 | Cross-Site Request Forgery (CSRF) vulnerability in Hongcms Project Hongcms 3.0.0 Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter. | 8.8 |
| 2023-04-28 | CVE-2020-21643 | Cross-site Scripting vulnerability in Hongcms Project Hongcms 3.0.0 Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via the callback parameter to /ajax/myshop. | 6.1 |
| 2022-07-01 | CVE-2022-32411 | Unspecified vulnerability in Hongcms Project Hongcms 3.0.0 An issue in the languages config file of HongCMS v3.0 allows attackers to getshell. | 6.5 |
| 2022-07-01 | CVE-2022-32412 | Unspecified vulnerability in Hongcms Project Hongcms 3.0.0 An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell. | 6.5 |
| 2022-04-26 | CVE-2022-28523 | Path Traversal vulnerability in Hongcms Project Hongcms 3.0.0 HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete. | 5.5 |
| 2021-10-04 | CVE-2020-21431 | Unspecified vulnerability in Hongcms Project Hongcms 3.0.0 HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit. | 5.5 |
| 2021-05-18 | CVE-2020-18178 | Path Traversal vulnerability in Hongcms Project Hongcms 4.0.0 Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit, and delete arbitrary files via a crafted POST request to the component "/hcms/admin/index.php/language/ajax." | 7.5 |
| 2019-10-16 | CVE-2019-17611 | Cross-site Scripting vulnerability in Hongcms Project Hongcms 3.0.0 HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter. | 4.3 |
| 2019-10-16 | CVE-2019-17610 | Cross-site Scripting vulnerability in Hongcms Project Hongcms 3.0.0 HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter. | 4.3 |
| 2019-10-16 | CVE-2019-17609 | Cross-site Scripting vulnerability in Hongcms Project Hongcms 3.0.0 HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter. | 4.3 |