CVE-2025-15456

Name of the Vulnerable Software and Affected Versions bg5sbk MiniCMS versions up to 1.8

Description A flaw exists in bg5sbk MiniCMS that allows for improper authentication. This issue affects the Publish Page Handler component, specifically an unknown function within the /mc-admin/page-edit.php file. The attack can be carried out remotely. The exploit for this issue has been publicly disclosed. The existence of this issue is currently disputed. The vendor was notified but did not respond.

Recommendations Versions prior to 1.8 should be updated. As a temporary workaround, restrict access to the /mc-admin/page-edit.php file to minimize the risk of exploitation.