CVE-2018-18891

Name of the Vulnerable Software and Affected Versions MiniCMS version 1.10

Description The issue allows for file deletion due to an authentication check occurring too late. This can be exploited via the "/mc-admin/post.php?state=delete&delete=" endpoint, where an attacker can delete files without proper authorization.

Recommendations For MiniCMS version 1.10, consider restricting access to the "/mc-admin/post.php" endpoint until a fix is available, and ensure that authentication checks are properly implemented to prevent unauthorized file deletion.