CVE-2020-18178

Name of the Vulnerable Software and Affected Versions Hongcms versions 4.0.0

Description The issue is related to a path traversal vulnerability in the /hcms/admin/index.php/language/ajax component of the Hongcms content management system. This vulnerability can be exploited by a remote attacker to view, edit, and delete arbitrary files using a specially crafted POST request to the "hcms/admin/index.php/language/ajax" endpoint. The language and ajax parameters are involved in the vulnerability, but specific details about vulnerable parameters or variables are not provided.

Recommendations For Hongcms version 4.0.0, update to a version that includes a fix for this issue, as the current version allows remote attackers to manipulate files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.