Lucene search
K

177 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:12 p.m.7 views

CVE-2022-32411

An issue in the languages config file of HongCMS v3.0 allows attackers to getshell...

7.2CVSS6.9AI score0.00863EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:57 p.m.8 views

CVE-2022-32412

An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell...

7.2CVSS6.9AI score0.00863EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:42 p.m.6 views

CVE-2022-28523

HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete...

8.1CVSS7.1AI score0.01029EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:1 p.m.8 views

CVE-2020-18178

Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit, and delete arbitrary files via a crafted POST request to the component "/hcms/admin/index.php/language/ajax."...

9.8CVSS7AI score0.01745EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:51 p.m.12 views

CVE-2020-21252

Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter...

8.8CVSS8.1AI score0.00429EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:49 p.m.6 views

CVE-2020-21643

Cross Site Scripting XSS vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via the callback parameter to /ajax/myshop...

6.1CVSS6.1AI score0.00406EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:18 p.m.8 views

CVE-2020-21431

HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit...

6.5CVSS7AI score0.0091EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 7:56 a.m.7 views

CVE-2019-16867

HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. If the attacker deletes config.php and visits install/index.php, they can reinstall the product...

7.5CVSS6.9AI score0.01619EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:50 a.m.6 views

CVE-2018-10422

An issue was discovered in HongCMS 3.0.0. The post news feature has Stored XSS via the content field...

4.8CVSS5.7AI score0.00534EPSS
Exploits1References1
CNVD
CNVD
added 2023/06/28 12:0 a.m.19 views

HongCMS Cross-Site Request Forgery Vulnerability (CNVD-2023-54439)

HongCMS is an open source lightweight content management system CMS. A cross-site request forgery CSRF vulnerability exists in HongCMS version 3.0.0. An attacker can exploit this vulnerability to execute arbitrary code and elevate privileges via the updateusers parameter...

8.8CVSS7.7AI score0.00429EPSS
Exploits1References1
NVD
NVD
added 2023/06/20 3:15 p.m.23 views

CVE-2020-21252

Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter...

8.8CVSS9.1AI score0.00429EPSS
Exploits1References1
OSV
OSV
added 2023/06/20 3:15 p.m.2 views

CVE-2020-21252

Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter...

8.8CVSS6.1AI score0.00429EPSS
Exploits1References1
Prion
Prion
added 2023/06/20 3:15 p.m.17 views

Cross site request forgery (csrf)

Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter...

6.8CVSS9AI score0.00429EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/06/20 12:0 a.m.30 views

CVE-2020-21252

Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter...

9.1AI score0.00429EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/06/20 12:0 a.m.11 views

CVE-2020-21252

Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter...

8.3AI score0.00429EPSS
Exploits1References1
CVE
CVE
added 2023/06/20 12:0 a.m.50 views

CVE-2020-21252

CVE-2020-21252 affects Neeke HongCMS 3.0.0. The vulnerability is a CSRF issue that can let an attacker remotely execute arbitrary code and elevate privileges via the updateusers parameter. Documented under CVE-2020-21252 with CVSS v3.1: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (base score 8.8). Exploi...

8.8CVSS9AI score0.00429EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2023/06/20 12:0 a.m.15 views

HongCMS 跨站请求伪造漏洞

HongCMS is an open source lightweight content management system CMS. A cross-site request forgery CSRF vulnerability exists in HongCMS version 3.0.0. An attacker can exploit this vulnerability to execute arbitrary code and elevate privileges via the updateusers parameter...

8.8CVSS7.7AI score0.00429EPSS
Exploits1References2
CNVD
CNVD
added 2023/05/10 12:0 a.m.8 views

HongCMS Cross-Site Scripting Vulnerability (CNVD-2023-36284)

HongCMS is an open source lightweight content management system CMS. A cross-site scripting vulnerability exists in HongCMS version 3.0, which originates from running arbitrary code via the callback parameter of /ajax/myshop. An attacker can exploit this vulnerability to perform a cross-site...

6.1CVSS6.4AI score0.00406EPSS
Exploits1References1
NVD
NVD
added 2023/04/28 8:15 p.m.17 views

CVE-2020-21643

Cross Site Scripting XSS vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via the callback parameter to /ajax/myshop...

6.1CVSS6AI score0.00406EPSS
Exploits1References1
OSV
OSV
added 2023/04/28 8:15 p.m.5 views

CVE-2020-21643

Cross Site Scripting XSS vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via the callback parameter to /ajax/myshop...

6.1CVSS6AI score0.00406EPSS
Exploits1References1
Rows per page
Query Builder