Skip to main content

Hongcms CVE-2022-32411

HIGH
2022-07-01 cve@mitre.org
7.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 01, 2022 - 22:15 nvd
HIGH 7.2

DescriptionNVD

An issue in the languages config file of HongCMS v3.0 allows attackers to getshell.

AnalysisAI

An issue in the languages config file of HongCMS v3.0 allows attackers to getshell. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

An issue in the languages config file of HongCMS v3.0 allows attackers to getshell. Affected products include: Hongcms Project Hongcms.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-28523 HIGH POC
8.1 Apr 26

HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete. Rated high

CVE-2018-16774 HIGH POC
7.5 Sep 10

HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=del

CVE-2022-32412 HIGH POC
7.2 Jul 01

An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell. Rated high severity (CVSS 7.2), t

CVE-2018-13021 HIGH POC
7.2 Jun 29

An issue was discovered in HongCMS 3.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, lo

CVE-2018-12912 HIGH POC
7.2 Jun 27

An issue wan discovered in admin\controllers\database.php in HongCMS 3.0.0. Rated high severity (CVSS 7.2), this vulnera

CVE-2019-16867 MEDIUM POC
6.5 Sep 25

HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=del

CVE-2019-8407 MEDIUM POC
6.5 Feb 17

HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php

CVE-2019-17611 MEDIUM POC
6.1 Oct 16

HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter. Rated medium severity (CVSS 6.1), this vulnerabil

CVE-2019-17610 MEDIUM POC
6.1 Oct 16

HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter. Rated medium severity (CVSS 6.1), this vulnerabili

CVE-2019-17609 MEDIUM POC
6.1 Oct 16

HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter. Rated medium severity (CVSS 6.1), this vulnerabili

CVE-2019-17608 MEDIUM POC
6.1 Oct 16

HongCMS 3.0.0 has XSS via the install/index.php dbname parameter. Rated medium severity (CVSS 6.1), this vulnerability i

CVE-2019-17607 MEDIUM POC
6.1 Oct 16

HongCMS 3.0.0 has XSS via the install/index.php servername parameter. Rated medium severity (CVSS 6.1), this vulnerabili

Share

CVE-2022-32411 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy