hongcms_project CVE Vulnerabilities & CVE List (20)

Products (CPE): — CVEs: 20

hongcms_project vulnerability overview

Aggregates CVE and security vulnerability intelligence across all hongcms_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Historical issues mainly involve vendor risk cross-site scripting and vendor risk path handling and related security problems, affecting vendor surface software deployment and vendor surface production workloads scenarios.

Vulnerability distribution trend (last 24 months)

Showing 120 of 20 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2020-21252 Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter. [email protected] 8.8 0.38% 2023-06-20 2026-06-16
CVE-2020-21643 Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via the callback parameter to /ajax/myshop. [email protected] 6.1 0.41% 2023-04-28 2026-06-16
CVE-2022-32412 An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell. [email protected] 7.2 0.86% 2022-07-01 2026-06-17
CVE-2022-32411 An issue in the languages config file of HongCMS v3.0 allows attackers to getshell. [email protected] 7.2 0.86% 2022-07-01 2026-06-17
CVE-2022-28523 HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete. [email protected] 8.1 1.06% 2022-04-26 2026-06-17
CVE-2020-21431 HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit. [email protected] 6.5 0.91% 2021-10-04 2026-06-16
CVE-2020-18178 Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit, and delete arbitrary files via a crafted POST request to the component "/hcms/admin/index.php/language/ajax." [email protected] 9.8 1.75% 2021-05-18 2026-06-16
CVE-2019-17611 HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter. [email protected] 6.1 1.03% 2019-10-16 2026-06-16
CVE-2019-17610 HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter. [email protected] 6.1 1.03% 2019-10-16 2026-06-16
CVE-2019-17609 HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter. [email protected] 6.1 1.03% 2019-10-16 2026-06-16
CVE-2019-17608 HongCMS 3.0.0 has XSS via the install/index.php dbname parameter. [email protected] 6.1 1.03% 2019-10-16 2026-06-16
CVE-2019-17607 HongCMS 3.0.0 has XSS via the install/index.php servername parameter. [email protected] 6.1 1.03% 2019-10-16 2026-06-16
CVE-2019-16867 HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. (If the attacker deletes config.php and visits install/index.php, they can reinstall the product.) [email protected] 6.5 1.12% 2019-09-25 2026-06-16
CVE-2019-8407 HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI. [email protected] 6.5 1.45% 2019-02-17 2026-06-16
CVE-2018-16774 HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete. [email protected] 7.5 1.62% 2018-09-10 2026-06-16
CVE-2018-13021 An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI. [email protected] 7.2 2.20% 2018-06-29 2026-06-16
CVE-2018-12912 An issue wan discovered in admin\controllers\database.php in HongCMS 3.0.0. There is a SQL Injection vulnerability via an admin/index.php/database/operate?dbaction=emptytable&tablename= URI. [email protected] 7.2 2.68% 2018-06-27 2026-06-16
CVE-2018-12266 system\errors\404.php in HongCMS 3.0.0 has XSS via crafted input that triggers a 404 HTTP status code. [email protected] 6.1 0.71% 2018-06-13 2026-06-16
CVE-2018-10422 An issue was discovered in HongCMS 3.0.0. The post news feature has Stored XSS via the content field. [email protected] 4.8 0.53% 2018-04-26 2026-06-16
CVE-2018-10265 An issue was discovered in HongCMS v3.0.0. There is a CSRF vulnerability that can add an administrator account via the admin/index.php/users/save URI. [email protected] 8.8 0.46% 2018-04-21 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence