Neeke
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-18178 | | Cri | 0.64 | 9.8 | 0.02 | | May 18, 2021 | Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit, and delete arbitrary files via a crafted POST request to the component "/hcms/admin/index.php/language/ajax." |
| CVE-2020-21252 | | Hig | 0.57 | 8.8 | 0.00 | | Jun 20, 2023 | Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter. |
| CVE-2018-10265 | | Hig | 0.57 | 8.8 | 0.00 | | Apr 22, 2018 | An issue was discovered in HongCMS v3.0.0. There is a CSRF vulnerability that can add an administrator account via the admin/index.php/users/save URI. |
| CVE-2018-16774 | | Hig | 0.49 | 7.5 | 0.02 | | Sep 10, 2018 | HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete. |
| CVE-2018-13021 | | Hig | 0.47 | 7.2 | 0.02 | | Jun 29, 2018 | An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI. |
| CVE-2020-21431 | | Med | 0.42 | 6.5 | 0.01 | | Oct 4, 2021 | HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit. |
| CVE-2019-16867 | | Med | 0.42 | 6.5 | 0.01 | | Sep 25, 2019 | HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. (If the attacker deletes config.php and visits install/index.php, they can reinstall the product.) |