Product:

Minicms

(1234n)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 28
Date Id Summary Products Score Patch Annotated
2023-02-24 CVE-2021-33387 Cross Site Scripting Vulnerability in MiniCMS v.1.10 allows attacker to execute arbitrary code via a crafted get request. Minicms 9.6
2021-01-05 CVE-2020-36051 Directory traversal vulnerability in page_edit.php in MiniCMS V1.10 allows remote attackers to read arbitrary files via the state parameter. Minicms 7.5
2021-01-05 CVE-2020-36052 Directory traversal vulnerability in post-edit.php in MiniCMS V1.10 allows remote attackers to include and execute arbitrary files via the state parameter. Minicms 9.8
2021-04-28 CVE-2020-17999 Cross Site Scripting (XSS) in MiniCMS v1.10 allows remote attackers to execute arbitrary code by injecting commands via a crafted HTTP request to the component "/mc-admin/post-edit.php". Minicms 6.1
2022-02-10 CVE-2021-44970 MiniCMS v1.11 was discovered to contain a cross-site scripting (XSS) vulnerability via /mc-admin/page-edit.php. Minicms 5.4
2022-06-13 CVE-2021-41663 A cross-site scripting (XSS) vulnerability exists in Mini CMS V1.11. The vulnerability exists in the article upload: post-edit.php page. Minicms 6.1
2022-06-24 CVE-2022-33121 A Cross-Site Request Forgery (CSRF) in MiniCMS v1.11 allows attackers to arbitrarily delete local .dat files via clicking on a malicious link. Minicms 8.1
2022-06-28 CVE-2020-19896 File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitary PHP code via post-edit.php. Minicms 9.8
2023-10-31 CVE-2023-46378 Stored Cross Site Scripting (XSS) vulnerability in MiniCMS 1.1.1 allows attackers to run arbitrary code via crafted string appended to /mc-admin/conf.php. Minicms 5.4
2019-07-03 CVE-2019-13186 In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the tags box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, and CVE-2018-20520. Minicms 6.1