PT-2018-14711 · Minicms · Minicms
Publicado
2018-11-01
·
Atualizado
2018-12-03
·
CVE-2018-18890
CVSS v3.1
5.3
Média
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
MiniCMS version 1.10
Description
The issue allows for full path disclosure through the "/mc-admin/post.php" endpoint with specific parameters, such as
state set to "delete" and delete set to an invalid filename.Recommendations
For MiniCMS version 1.10, as a temporary workaround, consider restricting access to the "/mc-admin/post.php" endpoint until a patch is available. Additionally, validate and sanitize the
delete parameter to prevent disclosure of sensitive information.Exploit
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Minicms