CVE-2018-10423

mc-admin/post.php in MiniCMS 1.10 allows remote attackers to obtain a directory listing of the top-level directory of the web root via a link that becomes available after posting an article...

CVE-2018-10424

mc-admin/post-edit.php in MiniCMS 1.10 allows full path disclosure via a modified id field...

CVE-2018-18890

MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete= with an invalid filename...

EUVD-2019-4844

Malware in sbrugna...

EUVD-2012-5154

Malware in sbrugna...

EUVD-2018-10601

Malware in sbrugna...

EUVD-2019-18974

Malware in sbrugna...

EUVD-2018-2495

Malware in sbrugna...

EUVD-2021-31768

Malicious code in bioql PyPI...

CVE-2019-13186

In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the tags box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, and CVE-2018-20520...

CVE-2018-1000638

MiniCMS version 1.1 contains a Cross Site Scripting XSS vulnerability in http://example.org/mc-admin/page.php?date=payload that can result in code injection...

CVE-2018-16298

An issue was discovered in MiniCMS 1.10. There is an mc-admin/post.php?tag= XSS vulnerability for a state=delete, state=draft, or state=publish request...

CVE-2019-13339

In MiniCMS V1.10, stored XSS was found in mc-admin/page-edit.php content box, which can be used to get a user's cookie...

📄 MiniCMS 1.1 Cross Site Scripting

MiniCMS version 1.1 suffers from a cross site scripting vulnerability. Exploit Title: MiniCMS 1.1 Cross-Site Scripting XSS in date Parameter of mc-admin/page.php Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/bg5sbk/MiniCMS Software Link:...

CVE-2024-31741

Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a remote attacker to run arbitrary code via crafted string in the URL after login...

File Inclusion Vulnerability in MiniCMS Content Management System

MiniCMS content management system is a popular software under Php source channel. A file inclusion vulnerability exists in Minicms, which can be exploited by an attacker to gain control of the server...

CVE-2018-18891

MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete&delete= because the authentication check occurs too late...

CVE-2018-15899

An issue was discovered in MiniCMS 1.10. There is a post.php?date= XSS vulnerability...

miniCMS v1.0 => v2.0 Arbitrary File Upload

Exploit for php platform in category web applications Title : miniCMS v1.0 = v2.0 Arbitrary File Upload Author : Or4nG.M4n Version : all version GDork : "This site is managed using MiniCMSŠ" Download : http://sourceforge.net/projects/mini-cms/files/mini-cms/ Thnks :...