Minicms

minicms

Vendor: 1234n • 35 CVEs

CVEs (35)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-15458 11234n 1Minicms Apr 29, 2026 Jan 5, 2026 5.5 MEDIUM· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability was determined in bg5sbk MiniCMS up to 1.8. This affects an unknown function of the file /mc-admin/post-edit.php of the component Article Handler. Executing a manipulation can lead to improper authenticat...Show more A vulnerability was determined in bg5sbk MiniCMS up to 1.8. This affects an unknown function of the file /mc-admin/post-edit.php of the component Article Handler. Executing a manipulation can lead to improper authentication. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-15457 11234n 1Minicms Apr 29, 2026 Jan 5, 2026 5.5 MEDIUM· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability was found in bg5sbk MiniCMS up to 1.8. The impacted element is an unknown function of the file /minicms/mc-admin/post.php of the component Trash File Restore Handler. Performing a manipulation results in...Show more A vulnerability was found in bg5sbk MiniCMS up to 1.8. The impacted element is an unknown function of the file /minicms/mc-admin/post.php of the component Trash File Restore Handler. Performing a manipulation results in improper authentication. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-15456 11234n 1Minicms Apr 29, 2026 Jan 5, 2026 5.5 MEDIUM· v4 7.5 HIGH· v3 7.5 HIGH· v2 A vulnerability has been found in bg5sbk MiniCMS up to 1.8. The affected element is an unknown function of the file /mc-admin/page-edit.php of the component Publish Page Handler. Such manipulation leads to improper authe...Show more A vulnerability has been found in bg5sbk MiniCMS up to 1.8. The affected element is an unknown function of the file /mc-admin/page-edit.php of the component Publish Page Handler. Such manipulation leads to improper authentication. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The existence of this vulnerability is still disputed at present. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-15455 11234n 1Minicms Apr 29, 2026 Jan 5, 2026 5.5 MEDIUM· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 A flaw has been found in bg5sbk MiniCMS up to 1.8. Impacted is the function delete_page of the file /minicms/mc-admin/page.php of the component File Recovery Request Handler. This manipulation causes improper authenticat...Show more A flaw has been found in bg5sbk MiniCMS up to 1.8. Impacted is the function delete_page of the file /minicms/mc-admin/page.php of the component File Recovery Request Handler. This manipulation causes improper authentication. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-9282 11234n 1Minicms Aug 20, 2025 Sep 27, 2024 6.9 MEDIUM· v4 4.3 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability was found in bg5sbk MiniCMS 1.11. It has been classified as problematic. Affected is an unknown function of the file page-edit.php. The manipulation leads to cross-site request forgery. It is possible to...Show more A vulnerability was found in bg5sbk MiniCMS 1.11. It has been classified as problematic. Affected is an unknown function of the file page-edit.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions confusing version and file name information. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-9281 11234n 1Minicms Aug 20, 2025 Sep 27, 2024 6.9 MEDIUM· v4 4.3 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability was found in bg5sbk MiniCMS up to 1.11 and classified as problematic. This issue affects some unknown processing of the file post-edit.php. The manipulation leads to cross-site request forgery. The attack...Show more A vulnerability was found in bg5sbk MiniCMS up to 1.11 and classified as problematic. This issue affects some unknown processing of the file post-edit.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions confusing version and file name information. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-31741 11234n 1Minicms Apr 18, 2025 Apr 26, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a remote attacker to run arbitrary code via crafted string in the URL after login.
CVE-2023-46378 11234n 1Minicms Nov 21, 2024 Oct 31, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Stored Cross Site Scripting (XSS) vulnerability in MiniCMS 1.1.1 allows attackers to run arbitrary code via crafted string appended to /mc-admin/conf.php.
CVE-2021-33387 11234n 1Minicms Mar 12, 2025 Feb 24, 2023 N/A· v4 9.6 CRITICAL· v3 N/A· v2 Cross Site Scripting Vulnerability in MiniCMS v.1.10 allows attacker to execute arbitrary code via a crafted get request.
CVE-2020-19896 11234n 1Minicms Nov 21, 2024 Jun 28, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitary PHP code via post-edit.php.
CVE-2022-33121 11234n 1Minicms Nov 21, 2024 Jun 24, 2022 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 A Cross-Site Request Forgery (CSRF) in MiniCMS v1.11 allows attackers to arbitrarily delete local .dat files via clicking on a malicious link.
CVE-2021-41663 11234n 1Minicms Nov 21, 2024 Jun 13, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A cross-site scripting (XSS) vulnerability exists in Mini CMS V1.11. The vulnerability exists in the article upload: post-edit.php page.
CVE-2021-44970 11234n 1Minicms Nov 21, 2024 Feb 10, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 MiniCMS v1.11 was discovered to contain a cross-site scripting (XSS) vulnerability via /mc-admin/page-edit.php.
CVE-2020-17999 11234n 1Minicms Nov 21, 2024 Apr 28, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross Site Scripting (XSS) in MiniCMS v1.10 allows remote attackers to execute arbitrary code by injecting commands via a crafted HTTP request to the component "/mc-admin/post-edit.php".
CVE-2020-36052 11234n 1Minicms Nov 21, 2024 Jan 5, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Directory traversal vulnerability in post-edit.php in MiniCMS V1.10 allows remote attackers to include and execute arbitrary files via the state parameter.
CVE-2020-36051 11234n 1Minicms Nov 21, 2024 Jan 5, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in page_edit.php in MiniCMS V1.10 allows remote attackers to read arbitrary files via the state parameter.
CVE-2019-13341 11234n 1Minicms Nov 21, 2024 Jul 5, 2019 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 In MiniCMS V1.10, stored XSS was found in mc-admin/conf.php (comment box), which can be used to get a user's cookie.
CVE-2019-13340 11234n 1Minicms Nov 21, 2024 Jul 5, 2019 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the content box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, CVE-2018-20520, and CVE-2019-131...Show more In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the content box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, CVE-2018-20520, and CVE-2019-13186.Show less
CVE-2019-13339 11234n 1Minicms Nov 21, 2024 Jul 5, 2019 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 In MiniCMS V1.10, stored XSS was found in mc-admin/page-edit.php (content box), which can be used to get a user's cookie.
CVE-2019-13186 11234n 1Minicms Nov 21, 2024 Jul 3, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the tags box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, and CVE-2018-20520.

12 Next