Description

A vulnerability was found in bg5sbk MiniCMS up to 1.8. The impacted element is an unknown function of the file /minicms/mc-admin/post.php of the component Trash File Restore Handler. Performing a manipulation results in improper authentication. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Related CPE's

Could not find any relations

References

https://github.com/ueh1013/VULN/issues/12

https://vuldb.com/?ctiid.339490

https://vuldb.com/?id.339490

https://vuldb.com/?submit.725139

Weaknesses

[email protected]

Primary
CWE-287

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.3 · High

Information

Source identifier

[email protected]

Vulnerability status

Received

Published

2026-01-05T05:15:54.157Z

43 hours ago

Last modified

2026-01-05T05:15:54.157Z

43 hours ago