CVE-2020-21431
https://notcve.org/view.php?id=CVE-2020-21431
HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit. HongCMS versión v3.0, contiene una vulnerabilidad de lectura y escritura de archivos arbitrarios en el componente /admin/index.php/template/edit • https://github.com/Neeke/HongCMS/issues/14 •
CVE-2019-17611
https://notcve.org/view.php?id=CVE-2019-17611
HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter. HongCMS versión 3.0.0, presenta una vulnerabilidad de tipo XSS por medio del parámetro tableprefix del archivo install/index.php. • https://cdn1.imggmi.com/uploads/2019/10/13/94ef1b084a074ffd9ef63408529aed17-full.png https://cdn1.imggmi.com/uploads/2019/10/13/e561884443c495286993e186f44dfd1f-full.png https://cxsecurity.com/issue/WLB-2019100100 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-17610
https://notcve.org/view.php?id=CVE-2019-17610
HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter. HongCMS versión 3.0.0, presenta una vulnerabilidad de tipo XSS por medio del parámetro dbpassword del archivo install/index.php. • https://cdn1.imggmi.com/uploads/2019/10/13/94ef1b084a074ffd9ef63408529aed17-full.png https://cdn1.imggmi.com/uploads/2019/10/13/e561884443c495286993e186f44dfd1f-full.png https://cxsecurity.com/issue/WLB-2019100100 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-17609
https://notcve.org/view.php?id=CVE-2019-17609
HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter. HongCMS versión 3.0.0, presenta una vulnerabilidad de tipo XSS por medio del parámetro dbusername del archivo install/index.php. • https://cdn1.imggmi.com/uploads/2019/10/13/94ef1b084a074ffd9ef63408529aed17-full.png https://cdn1.imggmi.com/uploads/2019/10/13/e561884443c495286993e186f44dfd1f-full.png https://cxsecurity.com/issue/WLB-2019100100 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-17608
https://notcve.org/view.php?id=CVE-2019-17608
HongCMS 3.0.0 has XSS via the install/index.php dbname parameter. HongCMS versión 3.0.0, presenta una vulnerabilidad de tipo XSS por medio del parámetro dbname del archivo install/index.php. • https://cdn1.imggmi.com/uploads/2019/10/13/94ef1b084a074ffd9ef63408529aed17-full.png https://cdn1.imggmi.com/uploads/2019/10/13/e561884443c495286993e186f44dfd1f-full.png https://cxsecurity.com/issue/WLB-2019100100 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •