CVE-2012-5231

Name of the Vulnerable Software and Affected Versions miniCMS versions 1.0 through 2.0

Description The issue allows remote attackers to execute arbitrary PHP code via crafted pagename or area variables containing executable extensions. This is due to improper handling by update.php when writing files to content/, or by updatenews.php when writing files to content/news/.

Recommendations For miniCMS versions 1.0 through 2.0, consider disabling the update.php and updatenews.php scripts until a patch is available to prevent arbitrary PHP code execution. Restrict access to the content/ and content/news/ directories to minimize the risk of exploitation. Avoid using the pagename and area variables in the affected scripts until the issue is resolved.