PT-2019-15229 · Hongcms · Hongcms

Published

2019-10-16

Updated

2019-10-18

CVE-2019-17609

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions HongCMS version 3.0.0

Description The issue is related to a security problem where an attacker can inject malicious code. The estimated number of potentially affected devices is not provided. Technical details about exploitation include the dbusername parameter in the "install/index.php" endpoint.

Recommendations For HongCMS version 3.0.0, update to a version that fixes the issue, as using the dbusername parameter in the "install/index.php" endpoint can lead to security problems. As a temporary workaround, consider restricting access to the "install/index.php" endpoint until a patch is available.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-17609

Affected Products

Hongcms

PT-2019-15229 · Hongcms · Hongcms

CVE-2019-17609

Weakness Enumeration

Related Identifiers

Affected Products

References · 5