CVE-2019-16867
Published
CVSS v3
6.5
MEDIUM
CVSS v2
5.5
MEDIUM
Affected
1
PROJECT
Description
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. (If the attacker deletes config.php and visits install/index.php, they can reinstall the product.)
HongCMS中英文网站系统是一个轻量级的网站系统,访问速度极快,使用简单。程序代码简洁严谨,完全免费开源。 可用于建设各种类型的中英文网站,同时它是一个小型开发框架.
GitHub