CVE-2025-15455

Name of the Vulnerable Software and Affected Versions bg5sbk MiniCMS versions up to 1.8

Description A flaw exists in bg5sbk MiniCMS up to version 1.8 related to improper authentication. The issue is located in the delete page function within the /minicms/mc-admin/page.php file of the File Recovery Request Handler component. This manipulation allows for remote exploitation. The exploit has been published. The vendor was contacted regarding this disclosure but did not respond.

Recommendations Versions prior to 1.8 should be updated. As a temporary workaround, consider restricting access to the /minicms/mc-admin/page.php file.