Sm0Nk

**Name of the Vulnerable Software and Affected Versions** HongCMS version 3.0.0 **Description** An issue was discovered that allows for Arbitrary Script File Upload, which can result in PHP code execution. This is achievable via the "admin/index.php/template/upload" API endpoint. **Recommendations** For HongCMS version 3.0.0, consider restricting access to the "admin/index.php/template/upload" endpoint until a patch is available. As a temporary workaround, disabling the upload functionality in the template section can help minimize the risk of exploitation.