PT-2023-29987 · Minicms · Minicms

Num-Nine · Published 2023-10-31 · Updated 2023-11-08 · CVE-2023-46378

CVSS v3.1: 5.4 Medium

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

MiniCMS version 1.1.1

Description

The issue allows attackers to run arbitrary code via a crafted string appended to the "/mc-admin/conf.php" API endpoint. This is a Stored Cross-Site Scripting (XSS) issue: an attacker can inject malicious code into the application, which stores it and serves it back so that it executes when the affected page is rendered in a user's browser, potentially allowing the attacker to access sensitive data or take control of the application.

Recommendations

For MiniCMS version 1.1.1, as a temporary workaround, consider restricting access to the "/mc-admin/conf.php" endpoint until a patch is available. Additionally, avoid using crafted strings that could be used to exploit this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-46378

Affected Products

Minicms