Hongcms Project Hongcms — known CVE vulnerabilities
Every CVE whose affected-product data names Hongcms Project Hongcms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2020-18178 — CVSS 9.8 (critical): Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit, and delete arbitrary files via a crafted POST request to the…
CVE-2020-21252 — CVSS 8.8 (high): Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges…
CVE-2018-10265 — CVSS 8.8 (high): An issue was discovered in HongCMS v3.0.0. There is a CSRF vulnerability that can add an administrator account via the…
CVE-2022-28523 — CVSS 8.1 (high): HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete.
CVE-2018-16774 — CVSS 7.5 (high): HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete.
CVE-2018-12912 — CVSS 7.2 (high): An issue wan discovered in admin\controllers\database.php in HongCMS 3.0.0. There is a SQL Injection vulnerability via an…
CVE-2018-13021 — CVSS 7.2 (high): An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the…
CVE-2020-21431 — CVSS 6.5 (medium): HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit.
CVE-2019-8407 — CVSS 6.5 (medium): HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI.
CVE-2019-16867 — CVSS 6.5 (medium): HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar…
CVE-2020-21643 — CVSS 6.1 (medium): Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via the callback parameter to /ajax/myshop.
CVE-2018-12266 — CVSS 6.1 (medium): system\errors\404.php in HongCMS 3.0.0 has XSS via crafted input that triggers a 404 HTTP status code.