Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
1234n minicms 1.10 vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2018-10423
mc-admin/post.php in MiniCMS 1.10 allows remote malicious users to obtain a directory listing of the top-level directory of the web root via a link that becomes available after posting an article.
1234n Minicms 1.10
4
CVSSv2
CVE-2018-10424
mc-admin/post-edit.php in MiniCMS 1.10 allows full path disclosure via a modified id field.
1234n Minicms 1.10
4.3
CVSSv2
CVE-2018-16233
MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter.
1234n Minicms 1.10
4.3
CVSSv2
CVE-2018-16298
An issue exists in MiniCMS 1.10. There is an mc-admin/post.php?tag= XSS vulnerability for a state=delete, state=draft, or state=publish request.
1234n Minicms 1.10
4.3
CVSSv2
CVE-2018-15899
An issue exists in MiniCMS 1.10. There is a post.php?date= XSS vulnerability.
1234n Minicms 1.10
5
CVSSv2
CVE-2018-18890
MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete&delete= with an invalid filename.
1234n Minicms 1.10
6.4
CVSSv2
CVE-2018-18891
MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete&delete= because the authentication check occurs too late.
1234n Minicms 1.10
7.5
CVSSv2
CVE-2018-18892
MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php.
1234n Minicms 1.10
4.3
CVSSv2
CVE-2019-13186
In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the tags box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, and CVE-2018-20520.
1234n Minicms 1.10
4.3
CVSSv2
CVE-2020-17999
Cross Site Scripting (XSS) in MiniCMS v1.10 allows remote malicious users to execute arbitrary code by injecting commands via a crafted HTTP request to the component "/mc-admin/post-edit.php".
1234n Minicms 1.10
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »