Skip to main content

Hongcms

16 CVEs product

Monthly

CVE-2022-32412 HIGH POC This Week

An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hongcms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32411 HIGH POC This Week

An issue in the languages config file of HongCMS v3.0 allows attackers to getshell. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hongcms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-28523 HIGH POC This Week

HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Hongcms
NVD GitHub
CVSS 3.1
8.1
EPSS
1.1%
CVE-2019-17611 MEDIUM POC This Month

HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hongcms
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-17610 MEDIUM POC This Month

HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hongcms
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-17609 MEDIUM POC This Month

HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hongcms
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-17608 MEDIUM POC This Month

HongCMS 3.0.0 has XSS via the install/index.php dbname parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hongcms
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-17607 MEDIUM POC This Month

HongCMS 3.0.0 has XSS via the install/index.php servername parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hongcms
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-16867 MEDIUM POC This Month

HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Hongcms
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-8407 MEDIUM POC This Month

HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Hongcms
NVD GitHub
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-16774 HIGH POC This Week

HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Hongcms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-13021 HIGH POC This Week

An issue was discovered in HongCMS 3.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Hongcms
NVD GitHub
CVSS 3.0
7.2
EPSS
2.2%
CVE-2018-12912 HIGH POC This Week

An issue wan discovered in admin\controllers\database.php in HongCMS 3.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hongcms
NVD GitHub Exploit-DB
CVSS 3.0
7.2
EPSS
2.7%
CVE-2018-12266 MEDIUM POC This Month

system\errors\404.php in HongCMS 3.0.0 has XSS via crafted input that triggers a 404 HTTP status code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hongcms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10422 MEDIUM POC This Month

An issue was discovered in HongCMS 3.0.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hongcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-10265 HIGH This Week

An issue was discovered in HongCMS v3.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF PHP Hongcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
EPSS 1% CVSS 7.2
HIGH POC This Week

An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hongcms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

An issue in the languages config file of HongCMS v3.0 allows attackers to getshell. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hongcms
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC This Week

HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Hongcms
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hongcms
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hongcms
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hongcms
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

HongCMS 3.0.0 has XSS via the install/index.php dbname parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hongcms
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

HongCMS 3.0.0 has XSS via the install/index.php servername parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hongcms
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Hongcms
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Hongcms
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Hongcms
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

An issue was discovered in HongCMS 3.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD GitHub
EPSS 3% CVSS 7.2
HIGH POC This Week

An issue wan discovered in admin\controllers\database.php in HongCMS 3.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hongcms
NVD GitHub Exploit-DB
EPSS 1% CVSS 6.1
MEDIUM POC This Month

system\errors\404.php in HongCMS 3.0.0 has XSS via crafted input that triggers a 404 HTTP status code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hongcms
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

An issue was discovered in HongCMS 3.0.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hongcms
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

An issue was discovered in HongCMS v3.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF PHP Hongcms
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy