Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
minicms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-5231
miniCMS 1.0 and 2.0 allows remote malicious users to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) update.php when writing files to content/, or (b) updatenews.php when writing f...
Jessgramp Minicms 1.0
Jessgramp Minicms 2.0
1 EDB exploit
6.1
CVSSv3
CVE-2018-17039
MiniCMS 1.10, when Internet Explorer is used, allows XSS via a crafted URI because $_SERVER['REQUEST_URI'] is mishandled.
1234n Minicms 1.10
8.8
CVSSv3
CVE-2018-9092
There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.10 that can change the administrator account password.
1234n Minicms 1.10
1 EDB exploit
2.7
CVSSv3
CVE-2018-10424
mc-admin/post-edit.php in MiniCMS 1.10 allows full path disclosure via a modified id field.
1234n Minicms 1.10
6.1
CVSSv3
CVE-2018-15899
An issue exists in MiniCMS 1.10. There is a post.php?date= XSS vulnerability.
1234n Minicms 1.10
6.1
CVSSv3
CVE-2018-1000638
MiniCMS version 1.1 contains a Cross Site Scripting (XSS) vulnerability in http://example.org/mc-admin/page.php?date={payload} that can result in code injection.
1234n Minicms 1.1
5.4
CVSSv3
CVE-2018-10227
MiniCMS v1.10 has XSS via the mc-admin/conf.php site_link parameter.
1234n Minicms 1.10
6.5
CVSSv3
CVE-2019-9603
MiniCMS 1.10 allows mc-admin/post.php?state=publish&delete= CSRF to delete articles, a different vulnerability than CVE-2018-18891.
1234n Minicms 1.10
6.1
CVSSv3
CVE-2018-20520
MiniCMS V1.10 has XSS via the mc-admin/post-edit.php query string, a related issue to CVE-2018-10296 and CVE-2018-16233.
1234n Minicms 1.10
6.1
CVSSv3
CVE-2018-10296
MiniCMS V1.10 has XSS via the mc-admin/post-edit.php title parameter.
1234n Minicms 1.10
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673
CVE-2024-36674
CVE-2024-27348
unspecified
CVE-2024-24919
CVE-2024-4870
malicious code
CVE-2024-2019
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »