Submit #725137: MiniCMS https://github.com/bg5sbk/MiniCMS V1.8 Unauthorized page deletion

Title: MiniCMS https://github.com/bg5sbk/MiniCMS V1.8 Unauthorized page deletion
Description:
• The unauthorized page deletion vulnerability poses severe risks. Attackers can delete target website pages without authentication, ranging from basic information pages and user comment sections to core business pages and data statistics pages. Such malicious deletions may cause content gaps, functional failures, and compromised user experience and credibility. Critical business pages removed could lead to service interruptions, user attrition, and financial losses. Furthermore, the vulnerability may be exploited to manipulate website data or implant malicious code, amplifying damage. Data recovery after deletion requires substantial resources and may result in irreversible permanent data loss.

DESCRIPTION
• The /minicms/mc-admin/page.php file in MiniCMS v1.8 contains an unauthorized deletion vulnerability, affecting PHP 5.2.17. This flaw arises from the absence of permission verification for deletion operations. The exploit works by initiating a file recovery request in the backend, capturing the data packet, and retransmitting the deletion request with the mc_token Cookie field. This allows direct deletion of published pages on the target website, with the deleted pages being moved to the recycle bin. The vulnerability may cause incomplete website content and functional anomalies, while the removal of critical business pages could lead to service interruptions and financial losses, posing significant risks.
Source: ⚠️ https://github.com/ueh1013/VULN/issues/14
User: Blackooo (UID 93743)
Submission: 27/12/2025 11h37 (4 months ago)
Moderation: 04/01/2026 11h27 (8 days later)
Status: Accepted
VulDB entry: 339488 [bg5sbk MiniCMS up to 1.8 File Recovery Request page.php delete_page weak authentication]
Points: 20
