| Title | MiniCMS https://github.com/bg5sbk/MiniCMS V1.8 unauthorized vulnerability |
|---|
| Description | • Unauthorized-access vulnerabilities are critical security risks in which attackers bypass authentication to directly access or manipulate target systems, interfaces, and data. They enable theft of sensitive server configurations, plaintext database information, and user privacy data. Attackers may also alter website content, implant malicious code, or even delete core business data, potentially causing service disruptions.
• If the vulnerability affects backend management functions, attackers can directly gain system privileges and go on to implant mining programs and launch DDoS attacks. This may also expose enterprises to data breach compliance liabilities, damage brand credibility, and trigger user trust crises along with financial losses.
• The /post-edit.php file in MiniCMS v1.8 contains a critical unauthenticated-access vulnerability. The flaw lets attackers bypass authentication and cookie checks by crafting POST requests to the article editing and publishing interfaces. Attackers can submit requests with arbitrary titles, content, and other information, successfully publishing or altering website articles. Such vulnerabilities may lead to malicious content tampering, the insertion of harmful materials, and potential leakage of sensitive server and user data, with severe consequences including business disruptions and regulatory compliance issues. These actions can significantly damage corporate brand credibility and user rights. |
|---|
| Source | ⚠️ https://github.com/ueh1013/VULN/issues/9 |
|---|
| User | Blackooo (UID 93743) |
|---|
| Submission | 12/27/2025 11:41 AM (2 months ago) |
|---|
| Moderation | 01/04/2026 11:28 AM (8 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 339491 [bg5sbk MiniCMS up to 1.8 Article /mc-admin/post-edit.php improper authentication] |
|---|
| Points | 20 |
|---|