Product: Hongcms (Hongcms_project)

Repositories: Unknown. This might be proprietary software.

Number of vulnerabilities: 20

| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-04-28 | CVE-2020-21643 | Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via the callback parameter to /ajax/myshop. | Hongcms | 6.1 | | |
| 2023-06-20 | CVE-2020-21252 | Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter. | Hongcms | 8.8 | | |
| 2021-05-18 | CVE-2020-18178 | Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit, and delete arbitrary files via a crafted POST request to the component "/hcms/admin/index.php/language/ajax." | Hongcms | 9.8 | | |
| 2021-10-04 | CVE-2020-21431 | HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit. | Hongcms | 6.5 | | |
| 2022-04-26 | CVE-2022-28523 | HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete. | Hongcms | 8.1 | | |
| 2022-07-01 | CVE-2022-32411 | An issue in the languages config file of HongCMS v3.0 allows attackers to getshell. | Hongcms | 7.2 | | |
| 2022-07-01 | CVE-2022-32412 | An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell. | Hongcms | 7.2 | | |
| 2019-09-25 | CVE-2019-16867 | HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. (If the attacker deletes config.php and visits install/index.php, they can reinstall the product.) | Hongcms | 6.5 | | |
| 2019-10-16 | CVE-2019-17611 | HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter. | Hongcms | N/A | | |
| 2019-10-16 | CVE-2019-17610 | HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter. | Hongcms | N/A | | |