Hongcms@3.0.0 Security Vulnerabilities and Issues — Hongcms@3.0.0 CVE List | Vulners.com

Lucene search

K

Hongcms ProjectHongcms3.0.0

7 matches found

CVE•added 2019/10/16 10:15 p.m.•92 views

CVE-2019-17610

HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter.

6.1CVSS6AI score0.00419EPSS

CVE•added 2019/10/16 10:15 p.m.•85 views

CVE-2019-17607

HongCMS 3.0.0 has XSS via the install/index.php servername parameter.

6.1CVSS6AI score0.00419EPSS

CVE•added 2019/10/16 10:15 p.m.•82 views

CVE-2019-17609

HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter.

6.1CVSS6AI score0.00419EPSS

CVE•added 2019/10/16 10:15 p.m.•80 views

CVE-2019-17608

HongCMS 3.0.0 has XSS via the install/index.php dbname parameter.

6.1CVSS6AI score0.00419EPSS

CVE•added 2019/10/16 10:15 p.m.•80 views

CVE-2019-17611

HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter.

6.1CVSS6AI score0.00419EPSS

CVE•added 2019/09/25 12:15 p.m.•27 views

CVE-2019-16867

HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. (If the attacker deletes config.php and visits install/index.php, they can reinstall the product.)

6.5CVSS6.8AI score0.00523EPSS

CVE•added 2019/02/17 6:29 p.m.•25 views

CVE-2019-8407

HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI.

6.5CVSS6.4AI score0.00497EPSS