Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 7:56 a.m.7 views

CVE-2019-16867

HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. If the attacker deletes config.php and visits install/index.php, they can reinstall the product...

7.5CVSS6.9AI score0.01619EPSS
Exploits2References1
NVD
NVD
added 2019/09/25 12:15 p.m.21 views

CVE-2019-16867

HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. If the attacker deletes config.php and visits install/index.php, they can reinstall the product...

6.5CVSS6.9AI score0.01116EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/09/25 11:56 a.m.22 views

CVE-2019-16867

HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. If the attacker deletes config.php and visits install/index.php, they can reinstall the product...

6.7AI score0.01116EPSS
Exploits1References1
CVE
CVE
added 2019/09/25 11:56 a.m.39 views

CVE-2019-16867

HongCMS 3.0.0 is affected by a path-traversal vulnerability allowing arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete (and similar CVE-2018-16774 path). Root cause is insufficient validation of the file path, enabling deletion of critical file...

6.5CVSS6.8AI score0.01116EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder