Blackooo

**Name of the Vulnerable Software and Affected Versions** bg5sbk MiniCMS versions up to 1.8 **Description** A flaw exists in bg5sbk MiniCMS up to version 1.8 related to improper authentication. The issue is located in the `delete page` function within the `/minicms/mc-admin/page.php` file of the File Recovery Request Handler component. This manipulation allows for remote exploitation. The exploit has been published. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** Versions prior to 1.8 should be updated. As a temporary workaround, consider restricting access to the `/minicms/mc-admin/page.php` file.

**Name of the Vulnerable Software and Affected Versions** bg5sbk MiniCMS versions up to 1.8 **Description** A flaw exists in bg5sbk MiniCMS that allows for improper authentication. This issue affects the Publish Page Handler component, specifically an unknown function within the `/mc-admin/page-edit.php` file. The attack can be carried out remotely. The exploit for this issue has been publicly disclosed. The existence of this issue is currently disputed. The vendor was notified but did not respond. **Recommendations** Versions prior to 1.8 should be updated. As a temporary workaround, restrict access to the `/mc-admin/page-edit.php` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** bg5sbk MiniCMS versions up to 1.8 **Description** A flaw exists in bg5sbk MiniCMS up to version 1.8 related to improper authentication. The issue resides in an unknown function within the `/minicms/mc-admin/post.php` file, specifically within the Trash File Restore Handler component. A remote attacker can exploit this flaw through manipulation. The exploit is publicly available. The vendor was notified but did not respond. **Recommendations** Versions prior to 1.8 should be updated. As a temporary workaround, consider restricting access to the `/minicms/mc-admin/post.php` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** bg5sbk MiniCMS versions up to 1.8 **Description** A flaw exists in bg5sbk MiniCMS that can lead to improper authentication. The issue affects an unknown function within the Article Handler component, specifically in the file `/mc-admin/post-edit.php`. It is possible to exploit this issue remotely by executing a manipulation. The exploit has been publicly disclosed. The vendor was informed of this disclosure but did not respond. **Recommendations** Versions prior to 1.8 should be updated. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Nome do Software Vulnerável e Versões Afetadas** Versões do GreenCMS anteriores à 2.3 **Descrição** Existe uma falha no GreenCMS até a versão 2.3 dentro do componente Manipulador de Arquivos, especificamente no arquivo /DataController.class.php. A manipulação do argumento `sqlFiles`/`zipFiles` pode levar a Path Traversal. Esta vulnerabilidade é explorável remotamente e um exploit foi disponibilizado publicamente. Os produtos afetados não são mais suportados pelo mantenedor. **Recomendações** Versões anteriores à 2.3: No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.