Blackooo

**Name of the Vulnerable Software and Affected Versions** bg5sbk MiniCMS versions up to 1.8 **Description** A flaw exists in bg5sbk MiniCMS up to version 1.8 related to improper authentication. The issue is located in the `delete page` function within the `/minicms/mc-admin/page.php` file of the File Recovery Request Handler component. This manipulation allows for remote exploitation. The exploit has been published. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** Versions prior to 1.8 should be updated. As a temporary workaround, consider restricting access to the `/minicms/mc-admin/page.php` file.

**Name of the Vulnerable Software and Affected Versions** bg5sbk MiniCMS versions up to 1.8 **Description** A flaw exists in bg5sbk MiniCMS that allows for improper authentication. This issue affects the Publish Page Handler component, specifically an unknown function within the `/mc-admin/page-edit.php` file. The attack can be carried out remotely. The exploit for this issue has been publicly disclosed. The existence of this issue is currently disputed. The vendor was notified but did not respond. **Recommendations** Versions prior to 1.8 should be updated. As a temporary workaround, restrict access to the `/mc-admin/page-edit.php` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** bg5sbk MiniCMS versions up to 1.8 **Description** A flaw exists in bg5sbk MiniCMS up to version 1.8 related to improper authentication. The issue resides in an unknown function within the `/minicms/mc-admin/post.php` file, specifically within the Trash File Restore Handler component. A remote attacker can exploit this flaw through manipulation. The exploit is publicly available. The vendor was notified but did not respond. **Recommendations** Versions prior to 1.8 should be updated. As a temporary workaround, consider restricting access to the `/minicms/mc-admin/post.php` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** bg5sbk MiniCMS versions up to 1.8 **Description** A flaw exists in bg5sbk MiniCMS that can lead to improper authentication. The issue affects an unknown function within the Article Handler component, specifically in the file `/mc-admin/post-edit.php`. It is possible to exploit this issue remotely by executing a manipulation. The exploit has been publicly disclosed. The vendor was informed of this disclosure but did not respond. **Recommendations** Versions prior to 1.8 should be updated. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GreenCMS versions prior to 2.3 **Description** A flaw exists in GreenCMS up to version 2.3 within the File Handler component, specifically in the /DataController.class.php file. Manipulation of the `sqlFiles`/`zipFiles` argument can lead to path traversal. This issue is remotely exploitable and an exploit has been publicly released. The affected products are no longer supported by the maintainer. **Recommendations** Versions prior to 2.3: At the moment, there is no information about a newer version that contains a fix for this vulnerability.