
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 Jun 2023 — Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter. • https://github.com/Neeke/HongCMS/issues/13 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

28 Apr 2023 — Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via the callback parameter to /ajax/myshop. • https://github.com/Neeke/HongCMS/issues/15 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

01 Jul 2022 — An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell. • https://github.com/Neeke/HongCMS/issues/19

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

01 Jul 2022 — An issue in the languages config file of HongCMS v3.0 allows attackers to getshell. • https://github.com/Neeke/HongCMS/issues/18

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

26 Apr 2022 — HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete. • https://github.com/Neeke/HongCMS/issues/17 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Oct 2021 — HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit. • https://github.com/Neeke/HongCMS/issues/14

CVSS: 9.8 • EPSS: 1% • CPEs: 1 • EXPL: 1

18 May 2021 — Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit, and delete arbitrary files via a crafted POST request to the component "/hcms/admin/index.php/language/ajax." • https://github.com/Neeke/HongCMS/issues/11 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 2

16 Oct 2019 — HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter. • https://cdn1.imggmi.com/uploads/2019/10/13/94ef1b084a074ffd9ef63408529aed17-full.png • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 2

16 Oct 2019 — HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter. • https://cdn1.imggmi.com/uploads/2019/10/13/94ef1b084a074ffd9ef63408529aed17-full.png • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 2

16 Oct 2019 — HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter. • https://cdn1.imggmi.com/uploads/2019/10/13/94ef1b084a074ffd9ef63408529aed17-full.png • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')