CVE-2020-18178

Published May 18th, 2021

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

7.5

HIGH

Affected

PROJECT

Description

Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit, and delete arbitrary files via a crafted POST request to the component "/hcms/admin/index.php/language/ajax."

Neeke/HongCMS

HongCMS中英文网站系统是一个轻量级的网站系统，访问速度极快，使用简单。程序代码简洁严谨，完全免费开源。可用于建设各种类型的中英文网站，同时它是一个小型开发框架.

GitHub