VYPR
Vendor

Neeke

Products
1
CVEs
7
Across products
7
Status
Private

Products

1

Recent CVEs

7
  • CVE-2020-18178CriMay 18, 2021
    risk 0.64cvss 9.8epss 0.02

    Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit, and delete arbitrary files via a crafted POST request to the component "/hcms/admin/index.php/language/ajax."

  • CVE-2020-21252HigJun 20, 2023
    risk 0.57cvss 8.8epss 0.00

    Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter.

  • CVE-2018-10265HigApr 22, 2018
    risk 0.57cvss 8.8epss 0.00

    An issue was discovered in HongCMS v3.0.0. There is a CSRF vulnerability that can add an administrator account via the admin/index.php/users/save URI.

  • CVE-2018-16774HigSep 10, 2018
    risk 0.49cvss 7.5epss 0.02

    HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete.

  • CVE-2018-13021HigJun 29, 2018
    risk 0.47cvss 7.2epss 0.02

    An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI.

  • CVE-2020-21431MedOct 4, 2021
    risk 0.42cvss 6.5epss 0.01

    HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit.

  • CVE-2019-16867MedSep 25, 2019
    risk 0.42cvss 6.5epss 0.01

    HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. (If the attacker deletes config.php and visits install/index.php, they can reinstall the product.)