PT-2018-9876 · Minicms · Minicms
Starnightcyber
·
Published
2018-04-26
·
Updated
2018-10-30
·
CVE-2018-10423
CVSS v2.0
4.0
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
MiniCMS version 1.10
Description:
The issue allows remote attackers to obtain a directory listing of the top-level directory of the web root. This can be achieved by creating a link that becomes available after posting an article, specifically targeting the mc-admin/post.php file.
Recommendations:
For MiniCMS version 1.10, consider restricting access to the mc-admin/post.php file to prevent unauthorized directory listings until a patch is available.
Exploit
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Minicms