Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
An issue in the languages config file of HongCMS v3.0 allows attackers to getshell.
AnalysisAI
An issue in the languages config file of HongCMS v3.0 allows attackers to getshell. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
An issue in the languages config file of HongCMS v3.0 allows attackers to getshell. Affected products include: Hongcms Project Hongcms.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete. Rated high
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=del
An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell. Rated high severity (CVSS 7.2), t
An issue was discovered in HongCMS 3.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, lo
An issue wan discovered in admin\controllers\database.php in HongCMS 3.0.0. Rated high severity (CVSS 7.2), this vulnera
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=del
HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php
HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter. Rated medium severity (CVSS 6.1), this vulnerabil
HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter. Rated medium severity (CVSS 6.1), this vulnerabili
HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter. Rated medium severity (CVSS 6.1), this vulnerabili
HongCMS 3.0.0 has XSS via the install/index.php dbname parameter. Rated medium severity (CVSS 6.1), this vulnerability i
HongCMS 3.0.0 has XSS via the install/index.php servername parameter. Rated medium severity (CVSS 6.1), this vulnerabili
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today