VYPR
Critical severity9.8NVD Advisory· Published May 18, 2021· Updated Jun 17, 2026

CVE-2020-18178

CVE-2020-18178

Description

Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit, and delete arbitrary files via a crafted POST request to the component "/hcms/admin/index.php/language/ajax."

Affected products

2
  • HongCMS/HongCMSdescription
  • Neeke/Hongcmsllm-fuzzy
    Range: =4.0.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.