NotCVE - vendor:"1234n" product:"Minicms" version:"1.10"

Page 3 of 24 results (0.003 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-20520

https://notcve.org/view.php?id=CVE-2018-20520

MiniCMS V1.10 has XSS via the mc-admin/post-edit.php query string, a related issue to CVE-2018-10296 and CVE-2018-16233. MiniCMS V1.10 tiene Cross-Site Scripting (XSS) mediante la cadena de consulta en mc-admin/post-edit.php. Este problema está relacionado con CVE-2018-10296 y CVE-2018-16233. • https://github.com/bg5sbk/MiniCMS/issues/27 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2

CVE-2018-18892

https://notcve.org/view.php?id=CVE-2018-18892

MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php. MiniCMS 1.10 permite la ejecución de código PHP arbitrario mediante el parámetro sitename en install.php, que afecta al campo site_name en mc_conf.php. • https://github.com/AvaterXXX/MiniCms/blob/master/Command%20Execution.md https://www.patec.cn/newsshow.php?cid=24&id=135 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2

CVE-2018-18891

https://notcve.org/view.php?id=CVE-2018-18891

MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete&delete= because the authentication check occurs too late. MiniCMS 1.10 permite la eliminación de archivos mediante /mc-admin/post.php?state=deletedelete= debido a que la comprobación de autenticación ocurre demasiado tarde. • https://github.com/AvaterXXX/MiniCms/blob/master/Authentication%20and%20Information%20Exposure.md#authentication-vulnerability https://www.patec.cn/newsshow.php?cid=24&id=135 • CWE-287: Improper Authentication •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 2

CVE-2018-18890

https://notcve.org/view.php?id=CVE-2018-18890

MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete&delete= with an invalid filename. MiniCMS 1.10 permite la divulgación total de la ruta mediante /mc-admin/post.php?state=deletedelete= con un nombre de archivo inválido. • https://github.com/AvaterXXX/MiniCms/blob/master/Authentication%20and%20Information%20Exposure.md#information-exposure https://www.patec.cn/newsshow.php?cid=24&id=135 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1

CVE-2018-17039

https://notcve.org/view.php?id=CVE-2018-17039

MiniCMS 1.10, when Internet Explorer is used, allows XSS via a crafted URI because $_SERVER['REQUEST_URI'] is mishandled. MiniCMS 1.10, cuando se emplea Internet Explorer, permite Cross-Site Scripting (XSS) mediante un URI manipulado denido a que $_SERVER['REQUEST_URI'] se gestiona de manera errónea. • https://github.com/bg5sbk/MiniCMS/issues/24 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2 3 4 5