VYPR

HkCms

by HkCms

CVEs (5)

  • CVE-2024-52677CriNov 20, 2024
    risk 0.64cvss 9.8epss 0.01

    HkCms <= v2.3.2.240702 is vulnerable to file upload in the getFileName method in /app/common/library/Upload.php.

  • CVE-2025-25761HigFeb 27, 2025
    risk 0.47cvss 7.2epss 0.00

    HkCms v2.3.2.240702 was discovered to contain an arbitrary file write vulnerability in the component Appcenter.php.

  • CVE-2023-40786MedSep 11, 2023
    risk 0.35cvss 5.4epss 0.00

    HKcms v2.3.0.230709 is vulnerable to Cross Site Scripting (XSS) allowing administrator cookies to be stolen.

  • CVE-2023-1482MedMar 18, 2023
    risk 0.31cvss 4.7epss 0.01

    A vulnerability, which was classified as problematic, was found in HkCms 2.2.4.230206. This affects an unknown part of the file /admin.php/appcenter/local.html?type=addon of the component External Plugin Handler. The manipulation leads to code injection. It is possible to…

  • CVE-2025-5013MedMay 21, 2025
    risk 0.28cvss 4.3epss 0.01

    A vulnerability, which was classified as problematic, was found in HkCms up to 2.3.2.240702. This affects an unknown part of the file /index.php/search/index.html of the component Search. The manipulation of the argument keyword leads to cross site scripting. It is possible to…