Submission #725138: MiniCMS https://github.com/bg5sbk/MiniCMS V1.8 Unauthorized editing of the publish page (Info)

Title: MiniCMS https://github.com/bg5sbk/MiniCMS V1.8 Unauthorized editing of the publish page

Description:

• The vulnerability allowing unauthorized page editing may trigger multiple adverse consequences. From a copyright perspective, it directly infringes upon original authors' rights, causing economic losses and compromised attribution rights for rights holders, while also raising legal disputes and compensation risks. Regarding content quality, unverified edits could distort core arguments, spread misinformation, mislead audiences, and undermine content authenticity and credibility. For platforms, this flaw may damage their reputation, erode user trust, and expose them to regulatory penalties, ultimately affecting compliance operations. Furthermore, it may facilitate malicious smear campaigns and rumor dissemination, disrupting the healthy ecosystem of online content.

DESCRIPTION

• The /mc-admin/page-edit.php file in MiniCMS v1.8 (compatible with PHP 5.2.17) contains a vulnerability that enables unauthorized page editing and publishing. This flaw arises from the absence of proper permission verification for visitors. During the verification process, the system intercepts and captures the POST request used to create a page, then removes the mc_token Cookie field from the request headers. Subsequently, it directly sends a request containing parameters such as title, content, and path (e.g., file=ekpq3h), successfully publishing the page. This vulnerability may lead to copyright infringement, dissemination of misinformation, erosion of platform credibility, and potential legal disputes or regulatory penalties, severely disrupting the online content ecosystem.
Source: https://github.com/ueh1013/VULN/issues/13

User: Blackooo (UID 93743)

Submitted: 2025-12-27 11:38 (4 months ago)

Moderation: 2026-01-04 11:27 (8 days later)

Status: Accepted

VulDB entry: 339489 [bg5sbk MiniCMS up to 1.8 Publish Page /mc-admin/page-edit.php weak authentication]

Points: 20
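
A defender-side check for the condition the description reports (a POST to /mc-admin/page-edit.php that carries no mc_token cookie), as an added example that is not part of the submission or of MiniCMS: it scans access-log lines for such requests. The log format, which must record the Cookie header, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed nginx log_format (an assumption, not from the advisory):
#   '$remote_addr [$time_local] "$request" $status "$http_cookie"'
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) "(?P<cookie>[^"]*)"$'
)
EDIT_PATH = "/mc-admin/page-edit.php"  # endpoint named in the advisory
AUTH_COOKIE = "mc_token"               # cookie named in the advisory

def cookie_names(header):
    """Return the set of cookie names in a raw Cookie header value."""
    if header in ("", "-"):            # nginx logs "-" when the header is absent
        return set()
    return {p.split("=", 1)[0].strip() for p in header.split(";") if p.strip()}

def find_unauthenticated_edits(lines):
    """Return records for POSTs to the edit page that carried no mc_token."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "POST":
            continue
        if urlsplit(m["target"]).path != EDIT_PATH:
            continue                   # compare the path only, ignoring any query
        if AUTH_COOKIE in cookie_names(m["cookie"]):
            continue                   # request presented the session cookie
        hits.append({"ip": m["ip"], "time": m["ts"],
                     "target": m["target"], "status": int(m["status"])})
    return hits

# Constructed sample lines (documentation address ranges, placeholder values).
SAMPLE_LOG = [
    '198.51.100.10 [27/Dec/2025:10:01:02 +0000] "POST /mc-admin/page-edit.php HTTP/1.1" 302 "mc_token=PLACEHOLDER; lang=en"',
    '203.0.113.7 [27/Dec/2025:10:05:40 +0000] "POST /mc-admin/page-edit.php?file=sample HTTP/1.1" 302 "-"',
    '203.0.113.7 [27/Dec/2025:10:06:11 +0000] "GET /mc-admin/page-edit.php HTTP/1.1" 200 "-"',
    '203.0.113.9 [27/Dec/2025:10:07:00 +0000] "POST /mc-admin/page-edit.php HTTP/1.1" 200 "lang=en"',
]

if __name__ == "__main__":
    for hit in find_unauthenticated_edits(SAMPLE_LOG):
        print(hit)
```

A hit shows only that the request arrived without the cookie; whether the page was actually written has to be confirmed against the site's content.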