177 matches found
CVE-2022-32411
An issue in the languages config file of HongCMS v3.0 allows attackers to getshell...
CVE-2022-32412
An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell...
CVE-2022-28523
HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete...
CVE-2020-18178
Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit, and delete arbitrary files via a crafted POST request to the component "/hcms/admin/index.php/language/ajax."...
CVE-2020-21252
Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter...
CVE-2020-21643
Cross Site Scripting XSS vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via the callback parameter to /ajax/myshop...
CVE-2020-21431
HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit...
CVE-2019-16867
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. If the attacker deletes config.php and visits install/index.php, they can reinstall the product...
CVE-2018-10422
An issue was discovered in HongCMS 3.0.0. The post news feature has Stored XSS via the content field...
HongCMS Cross-Site Request Forgery Vulnerability (CNVD-2023-54439)
HongCMS is an open source lightweight content management system CMS. A cross-site request forgery CSRF vulnerability exists in HongCMS version 3.0.0. An attacker can exploit this vulnerability to execute arbitrary code and elevate privileges via the updateusers parameter...
CVE-2020-21252
Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter...
CVE-2020-21252
Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter...
Cross site request forgery (csrf)
Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter...
CVE-2020-21252
Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter...
CVE-2020-21252
Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter...
CVE-2020-21252
CVE-2020-21252 affects Neeke HongCMS 3.0.0. The vulnerability is a CSRF issue that can let an attacker remotely execute arbitrary code and elevate privileges via the updateusers parameter. Documented under CVE-2020-21252 with CVSS v3.1: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (base score 8.8). Exploi...
HongCMS 跨站请求伪造漏洞
HongCMS is an open source lightweight content management system CMS. A cross-site request forgery CSRF vulnerability exists in HongCMS version 3.0.0. An attacker can exploit this vulnerability to execute arbitrary code and elevate privileges via the updateusers parameter...
HongCMS Cross-Site Scripting Vulnerability (CNVD-2023-36284)
HongCMS is an open source lightweight content management system CMS. A cross-site scripting vulnerability exists in HongCMS version 3.0, which originates from running arbitrary code via the callback parameter of /ajax/myshop. An attacker can exploit this vulnerability to perform a cross-site...
CVE-2020-21643
Cross Site Scripting XSS vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via the callback parameter to /ajax/myshop...
CVE-2020-21643
Cross Site Scripting XSS vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via the callback parameter to /ajax/myshop...