Iminho

iminho

2 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Mindoc

mindoc

2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-29637 1Iminho 1Mindoc Jun 17, 2026 May 26, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An arbitrary file upload vulnerability in Mindoc v2.1-beta.5 allows attackers to execute arbitrary commands via a crafted Zip file.
CVE-2018-19114 1Iminho 1Mindoc Nov 21, 2024 Nov 8, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An issue was discovered in MinDoc through v1.0.2. It allows attackers to gain privileges by uploading an image file with contents that represent an admin session, and then sending a Cookie: header with a mindoc_id value...Show more An issue was discovered in MinDoc through v1.0.2. It allows attackers to gain privileges by uploading an image file with contents that represent an admin session, and then sending a Cookie: header with a mindoc_id value containing the relative pathname of this uploaded file. For example, the mindoc_id (aka session ID) could be of the form aa/../../uploads/blog/201811/attach_#.jpg where '#' is a hex value displayed in the upload field of a manage/blogs/edit/ screen.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2022-29637

1Iminho

1Mindoc

Jun 17, 2026

May 26, 2022

N/A· v4

7.8 HIGH· v3

6.8 MEDIUM· v2

An arbitrary file upload vulnerability in Mindoc v2.1-beta.5 allows attackers to execute arbitrary commands via a crafted Zip file.

CVE-2018-19114

1Iminho

1Mindoc

Nov 21, 2024

Nov 8, 2018

N/A· v4

8.8 HIGH· v3

6.5 MEDIUM· v2

An issue was discovered in MinDoc through v1.0.2. It allows attackers to gain privileges by uploading an image file with contents that represent an admin session, and then sending a Cookie: header with a mindoc_id value containing the relative pathname of this uploaded file. For example, the mindoc_id (aka session ID) could be of the form aa/../../uploads/blog/201811/attach_#.jpg where '#' is a hex value displayed in the upload field of a manage/blogs/edit/ screen.Show less