Submit #725141: MiniCMS https://github.com/bg5sbk/MiniCMS V1.8 Unauthorized file deletion

Information

Title: MiniCMS https://github.com/bg5sbk/MiniCMS V1.8 Unauthorized file deletion
Description:
• The unauthorized file deletion vulnerability is a high-risk security flaw with severe consequences. Attackers can craft malicious requests to delete any files or directories on the server without authentication. This not only directly damages critical business files, database backups, and user data, causing system paralysis and irreversible data loss that leads to user attrition and compliance risks, but also erases essential configuration files and log records, compromising system integrity. More critically, it creates opportunities for malicious program implantation and privilege escalation, potentially triggering a chain of security incidents across the entire network.

DESCRIPTION
• MiniCMS v1.8 (compatible with PHP 5.2.17) contains a critical vulnerability enabling unauthorized file deletion. The flaw originates from the delete_post function in the mc-admin/post.php file, which lacks user authentication verification and fails to filter path traversal characters or empty bytes in the delete parameter. Attackers can craft malicious requests to delete cookie fields and inject payloads containing ../ and %00, bypassing path restrictions to delete arbitrary server files. This vulnerability may result in loss of critical business files, database backups, and system configuration files, causing service disruption. It also facilitates subsequent malicious program implantation and server takeover, potentially triggering severe security chain reactions.
Source: ⚠️ https://github.com/ueh1013/VULN/issues/10
User: Blackooo (UID 93743)
Submission: 27.12.2025 11:40 (4 months ago)
Moderation: 04.01.2026 11:28 (8 days later)
Status: Duplicate
VulDB entry: 126384 [miniCMS 1.10 post.php?state=delete&delete weak authentication]
Points: 0
