Vendor

Minicms

Products

CVEs

Across products

Status

Private

Products

Minicms
11 CVEs

Recent CVEs

CVE	Vendor / Product	Risk	CVSS	EPSS	Published	Description
CVE-2012-5231	Jessgramp Minicms	0.03	—	0.05	Oct 1, 2012	miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) update.php when writing files to content/, or (b) updatenews.php when writing files…
CVE-2024-31741	Minicms Minicms	0.00	—	0.00	Apr 26, 2024	Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a remote attacker to run arbitrary code via crafted string in the URL after login.
CVE-2023-46378	Minicms Minicms	0.00	—	0.00	Oct 31, 2023	Stored Cross Site Scripting (XSS) vulnerability in MiniCMS 1.1.1 allows attackers to run arbitrary code via crafted string appended to /mc-admin/conf.php.
CVE-2021-33387	Minicms Minicms	0.00	—	0.01	Feb 24, 2023	Cross Site Scripting Vulnerability in MiniCMS v.1.10 allows attacker to execute arbitrary code via a crafted get request.
CVE-2020-19896	Minicms Minicms	0.00	—	0.01	Jun 28, 2022	File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitary PHP code via post-edit.php.
CVE-2022-33121	Minicms Minicms	0.00	—	0.00	Jun 24, 2022	A Cross-Site Request Forgery (CSRF) in MiniCMS v1.11 allows attackers to arbitrarily delete local .dat files via clicking on a malicious link.
CVE-2021-44970	Minicms Minicms	0.00	—	0.00	Feb 10, 2022	MiniCMS v1.11 was discovered to contain a cross-site scripting (XSS) vulnerability via /mc-admin/page-edit.php.
CVE-2019-9603	Minicms Minicms	0.00	—	0.00	Mar 6, 2019	MiniCMS 1.10 allows mc-admin/post.php?state=publish&delete= CSRF to delete articles, a different vulnerability than CVE-2018-18891.
CVE-2018-18892	Minicms Minicms	0.00	—	0.01	Nov 1, 2018	MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php.
CVE-2018-18890	Minicms Minicms	0.00	—	0.00	Nov 1, 2018	MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete&delete= with an invalid filename.
CVE-2018-18891	Minicms Minicms	0.00	—	0.00	Nov 1, 2018	MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete&delete= because the authentication check occurs too late.

CVE-2012-5231Oct 1, 2012
Jessgramp
Minicms
risk 0.03cvss —epss 0.05
miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) update.php when writing files to content/, or (b) updatenews.php when writing files…
CVE-2024-31741Apr 26, 2024
Minicms
Minicms
risk 0.00cvss —epss 0.00
Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a remote attacker to run arbitrary code via crafted string in the URL after login.
CVE-2023-46378Oct 31, 2023
Minicms
Minicms
risk 0.00cvss —epss 0.00
Stored Cross Site Scripting (XSS) vulnerability in MiniCMS 1.1.1 allows attackers to run arbitrary code via crafted string appended to /mc-admin/conf.php.
CVE-2021-33387Feb 24, 2023
Minicms
Minicms
risk 0.00cvss —epss 0.01
Cross Site Scripting Vulnerability in MiniCMS v.1.10 allows attacker to execute arbitrary code via a crafted get request.
CVE-2020-19896Jun 28, 2022
Minicms
Minicms
risk 0.00cvss —epss 0.01
File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitary PHP code via post-edit.php.
CVE-2022-33121Jun 24, 2022
Minicms
Minicms
risk 0.00cvss —epss 0.00
A Cross-Site Request Forgery (CSRF) in MiniCMS v1.11 allows attackers to arbitrarily delete local .dat files via clicking on a malicious link.
CVE-2021-44970Feb 10, 2022
Minicms
Minicms
risk 0.00cvss —epss 0.00
MiniCMS v1.11 was discovered to contain a cross-site scripting (XSS) vulnerability via /mc-admin/page-edit.php.
CVE-2019-9603Mar 6, 2019
Minicms
Minicms
risk 0.00cvss —epss 0.00
MiniCMS 1.10 allows mc-admin/post.php?state=publish&delete= CSRF to delete articles, a different vulnerability than CVE-2018-18891.
CVE-2018-18892Nov 1, 2018
Minicms
Minicms
risk 0.00cvss —epss 0.01
MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php.
CVE-2018-18890Nov 1, 2018
Minicms
Minicms
risk 0.00cvss —epss 0.00
MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete&delete= with an invalid filename.
CVE-2018-18891Nov 1, 2018
Minicms
Minicms
risk 0.00cvss —epss 0.00
MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete&delete= because the authentication check occurs too late.