Vulnerabilities > Hongcms Project > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-20 | CVE-2020-21252 | Cross-Site Request Forgery (CSRF) vulnerability in Hongcms Project Hongcms 3.0.0 Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter. | 8.8 |
| 2022-07-01 | CVE-2022-32411 | Unspecified vulnerability in Hongcms Project Hongcms 3.0.0 An issue in the languages config file of HongCMS v3.0 allows attackers to getshell. | 7.2 |
| 2022-07-01 | CVE-2022-32412 | Unspecified vulnerability in Hongcms Project Hongcms 3.0.0 An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell. | 7.2 |
| 2022-04-26 | CVE-2022-28523 | Path Traversal vulnerability in Hongcms Project Hongcms 3.0.0 HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete. | 8.1 |
| 2018-09-10 | CVE-2018-16774 | Path Traversal vulnerability in Hongcms Project Hongcms 3.0.0 HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete. | 7.5 |
| 2018-06-29 | CVE-2018-13021 | Unrestricted Upload of File with Dangerous Type vulnerability in Hongcms Project Hongcms 3.0.0 An issue was discovered in HongCMS 3.0.0. | 7.2 |
| 2018-06-27 | CVE-2018-12912 | SQL Injection vulnerability in Hongcms Project Hongcms 3.0.0 An issue wan discovered in admin\controllers\database.php in HongCMS 3.0.0. | 7.2 |
| 2018-04-22 | CVE-2018-10265 | Cross-Site Request Forgery (CSRF) vulnerability in Hongcms Project Hongcms 3.0.0 An issue was discovered in HongCMS v3.0.0. | 8.8 |