miniCMS 1.0 and 2.0 allows remote malicious users to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) update.php when writing files to content/, or (b) updatenews.php when writing files to content/news/.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
jessgramp minicms 1.0 |
||
jessgramp minicms 2.0 |