Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5231

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2012-5231
Last Modified 08 Sep 2013 02:18:19
Published 01 Oct 2012 04:55:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-5231

Summary

miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) update.php when writing files to content/, or (b) updatenews.php when writing files to content/news/.

Vulnerable Systems

Application

  • Jessgramp Minicms 1.0

  • Jessgramp Minicms 2.0


References

XF - minicms-content-code-injection(72645)

BID - 51612

EXPLOIT-DB - 18410


Last Updated: 27 May 2016 11:00:50