cvebase

1234N Minicms vulnerabilities

35 known vulnerabilities affecting 1234n/minicms.

Total CVEs: 35
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 6, HIGH 5, MEDIUM 22, LOW 2

Vulnerabilities

Page 1 of 2
CVE-2018-9092 | P3 | HIGH | CVSS 8.8 | PoC | v1.10 | 2018-03-27
CWE-352: There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.10 that can change the administrator account password.
nvd
CVE-2025-15457 | P2 | CRITICAL | CVSS 9.8 | ≤ 1.8 | 2026-01-05
CWE-287: A vulnerability was found in bg5sbk MiniCMS up to 1.8. The impacted element is an unknown function of the file /minicms/mc-admin/post.php of the component Trash File Restore Handler. Performing a manipulation results in improper authentication. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The
nvd
CVE-2025-15458 | P3 | CRITICAL | CVSS 9.8 | ≤ 1.8 | 2026-01-05
CWE-287: A vulnerability was determined in bg5sbk MiniCMS up to 1.8. This affects an unknown function of the file /mc-admin/post-edit.php of the component Article Handler. Executing a manipulation can lead to improper authentication. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was con
nvd
CVE-2020-36052 | P3 | CRITICAL | CVSS 9.8 | v1.10 | 2021-01-05
CWE-22: Directory traversal vulnerability in post-edit.php in MiniCMS V1.10 allows remote attackers to include and execute arbitrary files via the state parameter.
nvd
CVE-2018-1000638 | P3 | MEDIUM | CVSS 6.1 | PoC | v1.1 | 2018-08-20
CWE-79: MiniCMS version 1.1 contains a Cross Site Scripting (XSS) vulnerability in http://example.org/mc-admin/page.php?date={payload} that can result in code injection.
nvd
CVE-2018-18892 | P3 | CRITICAL | CVSS 9.8 | v1.10 | 2018-11-01
CWE-94: MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php.
nvd
CVE-2020-19896 | P3 | CRITICAL | CVSS 9.8 | v1.9 | 2022-06-28
File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitrary PHP code via post-edit.php.
nvd
CVE-2025-15456 | P3 | HIGH | CVSS 7.5 | ≤ 1.8 | 2026-01-05
CWE-287: A vulnerability has been found in bg5sbk MiniCMS up to 1.8. The affected element is an unknown function of the file /mc-admin/page-edit.php of the component Publish Page Handler. Such manipulation leads to improper authentication. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The existence of th
nvd
CVE-2020-36051 | P3 | HIGH | CVSS 7.5 | v1.10 | 2021-01-05
CWE-22: Directory traversal vulnerability in page_edit.php in MiniCMS V1.10 allows remote attackers to read arbitrary files via the state parameter.
nvd
CVE-2025-15455 | P3 | MEDIUM | CVSS 6.5 | ≤ 1.8 | 2026-01-05
CWE-287: A flaw has been found in bg5sbk MiniCMS up to 1.8. Impacted is the function delete_page of the file /minicms/mc-admin/page.php of the component File Recovery Request Handler. This manipulation causes improper authentication. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted ear
nvd
CVE-2019-13339 | P4 | MEDIUM | CVSS 4.8 | PoC | v1.10 | 2019-07-05
CWE-79: In MiniCMS V1.10, stored XSS was found in mc-admin/page-edit.php (content box), which can be used to get a user's cookie.
nvd
CVE-2018-18891 | P3 | HIGH | CVSS 7.5 | v1.10 | 2018-11-01
CWE-287: MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete&delete= because the authentication check occurs too late.
nvd
CVE-2021-33387 | P4 | CRITICAL | CVSS 9.6 | v1.10 | 2023-02-24
CWE-79: Cross Site Scripting Vulnerability in MiniCMS v.1.10 allows attacker to execute arbitrary code via a crafted get request.
nvd
CVE-2022-33121 | P4 | HIGH | CVSS 8.1 | v1.11 | 2022-06-24
CWE-352: A Cross-Site Request Forgery (CSRF) in MiniCMS v1.11 allows attackers to arbitrarily delete local .dat files via clicking on a malicious link.
nvd
CVE-2020-17999 | P4 | MEDIUM | CVSS 6.1 | v1.10 | 2021-04-28
CWE-79: Cross Site Scripting (XSS) in MiniCMS v1.10 allows remote attackers to execute arbitrary code by injecting commands via a crafted HTTP request to the component "/mc-admin/post-edit.php".
nvd
CVE-2019-9603 | P4 | MEDIUM | CVSS 6.5 | v1.10 | 2019-03-06
MiniCMS 1.10 allows mc-admin/post.php?state=publish&delete= CSRF to delete articles, a different vulnerability than CVE-2018-18891.
nvd
CVE-2018-18890 | P4 | MEDIUM | CVSS 5.3 | v1.10 | 2018-11-01
CWE-22: MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete&delete= with an invalid filename.
nvd
CVE-2024-31741 | P4 | MEDIUM | CVSS 6.1 | v1.11 | 2024-04-26
CWE-79: Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a remote attacker to run arbitrary code via crafted string in the URL after login.
nvd
CVE-2018-10227 | P4 | MEDIUM | CVSS 5.4 | v1.10 | 2018-04-19
CWE-79: MiniCMS v1.10 has XSS via the mc-admin/conf.php site_link parameter.
nvd
CVE-2021-41663 | P4 | MEDIUM | CVSS 6.1 | v1.11 | 2022-06-13
CWE-79: A cross-site scripting (XSS) vulnerability exists in Mini CMS V1.11. The vulnerability exists in the article upload: post-edit.php page.
nvd