Vulnerabilities > Hongcms Project > Hongcms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-25 | CVE-2019-16867 | Improper Input Validation vulnerability in Hongcms Project Hongcms 3.0.0 HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. | 5.5 |
| 2019-02-17 | CVE-2019-8407 | Path Traversal vulnerability in Hongcms Project Hongcms 3.0.0 HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI. | 5.5 |
| 2018-09-10 | CVE-2018-16774 | Path Traversal vulnerability in Hongcms Project Hongcms 3.0.0 HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete. | 6.4 |
| 2018-06-27 | CVE-2018-12912 | SQL Injection vulnerability in Hongcms Project Hongcms 3.0.0 An issue wan discovered in admin\controllers\database.php in HongCMS 3.0.0. | 6.5 |
| 2018-06-13 | CVE-2018-12266 | Cross-site Scripting vulnerability in Hongcms Project Hongcms 3.0.0 system\errors\404.php in HongCMS 3.0.0 has XSS via crafted input that triggers a 404 HTTP status code. | 4.3 |
| 2018-04-22 | CVE-2018-10265 | Cross-Site Request Forgery (CSRF) vulnerability in Hongcms Project Hongcms 3.0.0 An issue was discovered in HongCMS v3.0.0. | 6.8 |