Vulnerabilities > Hongcms Project > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-20 | CVE-2020-21252 | Cross-Site Request Forgery (CSRF) vulnerability in Hongcms Project Hongcms 3.0.0 Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter. | 8.8 |
| 2021-05-18 | CVE-2020-18178 | Path Traversal vulnerability in Hongcms Project Hongcms 4.0.0 Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit, and delete arbitrary files via a crafted POST request to the component "/hcms/admin/index.php/language/ajax." | 7.5 |