CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 2

HongCMS 3.0.0 has XSS via the install/index.php dbname parameter.
References: https://cdn1.imggmi.com/uploads/2019/10/13/94ef1b084a074ffd9ef63408529aed17-full.png https://cdn1.imggmi.com/uploads/2019/10/13/e561884443c495286993e186f44dfd1f-full.png https://cxsecurity.com/issue/WLB-2019100100
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 2

HongCMS 3.0.0 has XSS via the install/index.php servername parameter.
References: https://cdn1.imggmi.com/uploads/2019/10/13/94ef1b084a074ffd9ef63408529aed17-full.png https://cdn1.imggmi.com/uploads/2019/10/13/e561884443c495286993e186f44dfd1f-full.png https://cxsecurity.com/issue/WLB-2019100100
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. (If the attacker deletes config.php and visits install/index.php, they can reinstall the product.)
References: https://github.com/Neeke/HongCMS/issues/12
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI.
References: https://github.com/Neeke/HongCMS/issues/7
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete.
References: https://github.com/Neeke/HongCMS/issues/6
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')