Vulnerability Description
miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) update.php when writing files to content/, or (b) updatenews.php when writing files to content/news/.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jessgramp | Minicms | 1.0 |
Related Weaknesses (CWE)
References
- http://www.exploit-db.com/exploits/18410
- http://www.securityfocus.com/bid/51612Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72645
- http://www.exploit-db.com/exploits/18410
- http://www.securityfocus.com/bid/51612Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72645
FAQ
What is CVE-2012-5231?
CVE-2012-5231 is a vulnerability with a CVSS score of 7.5 (HIGH). miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) updat...
How severe is CVE-2012-5231?
CVE-2012-5231 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-5231?
Check the references section above for vendor advisories and patch information. Affected products include: Jessgramp Minicms.