// For flags

CVE-2012-5231

MiniCMS 1.0/2.0 - PHP Code Injection

Severity Score

7.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) update.php when writing files to content/, or (b) updatenews.php when writing files to content/news/.

miniCMS v1.0 y v2.0, permite a atacantes remotos ejecutar código PHP arbitrario a través de la variable (1) pagename o (2) área manipuladas, que contiene una extensión ejecutable, que no se utilizan con cuidado por (a) update.php al escribir archivos en content/ o (b) updatenews.php al escribir archivos en content/news/.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2012-01-22 First Exploit
  • 2012-10-01 CVE Reserved
  • 2012-10-01 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-10-20 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Jessgramp
Search vendor "Jessgramp"
 Minicms
Search vendor "Jessgramp" for product "Minicms"
 1.0
Search vendor "Jessgramp" for product "Minicms" and version "1.0"
-
Affected
Jessgramp
Search vendor "Jessgramp"
 Minicms
Search vendor "Jessgramp" for product "Minicms"
 2.0
Search vendor "Jessgramp" for product "Minicms" and version "2.0"
-
Affected