Skip to main content

Hkcms

5 CVEs product

Monthly

CVE-2025-5013 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in HkCms up to 2.3.2.240702. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Hkcms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-25761 HIGH This Week

HkCms v2.3.2.240702 was discovered to contain an arbitrary file write vulnerability in the component Appcenter.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP Hkcms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.2%
CVE-2024-52677 CRITICAL Act Now

HkCms <= v2.3.2.240702 is vulnerable to file upload in the getFileName method in /app/common/library/Upload.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Hkcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-40786 MEDIUM POC This Month

HKcms v2.3.0.230709 is vulnerable to Cross Site Scripting (XSS) allowing administrator cookies to be stolen. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hkcms
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-1482 HIGH POC This Week

A vulnerability, which was classified as problematic, was found in HkCms 2.2.4.230206. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Hkcms
NVD VulDB
CVSS 3.1
8.8
EPSS
0.8%
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability, which was classified as problematic, was found in HkCms up to 2.3.2.240702. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Hkcms
NVD VulDB
EPSS 0% CVSS 7.2
HIGH This Week

HkCms v2.3.2.240702 was discovered to contain an arbitrary file write vulnerability in the component Appcenter.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP Hkcms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

HkCms <= v2.3.2.240702 is vulnerable to file upload in the getFileName method in /app/common/library/Upload.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Hkcms
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC This Month

HKcms v2.3.0.230709 is vulnerable to Cross Site Scripting (XSS) allowing administrator cookies to be stolen. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hkcms
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability, which was classified as problematic, was found in HkCms 2.2.4.230206. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy