CVE-2019-8407
HongCMS 3.0.0 is affected by CVE-2019-8407 due to a path traversal in the filename parameter of admin/index.php/language/edit, allowing arbitrary file read and write. The underlying cause is improper handling of "../" in the filename, enabling access to sensitive files. Impact: partial confidenti...