CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2012-5231

miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) update.php when writing files to content/, or (b) updatenews.php when writing files to content/news/.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.027

EPSS Ranking 85.1%

CVSS Severity

CVSS v2 Score 7.5

References

http://www.exploit-db.com/exploits/18410
http://www.securityfocus.com/bid/51612
https://exchange.xforce.ibmcloud.com/vulnerabilities/72645
http://www.exploit-db.com/exploits/18410
http://www.securityfocus.com/bid/51612
https://exchange.xforce.ibmcloud.com/vulnerabilities/72645

Products affected by CVE-2012-5231

Jessgramp » Minicms » Version: 1.0

cpe:2.3:a:jessgramp:minicms:1.0
Jessgramp » Minicms » Version: 2.0

cpe:2.3:a:jessgramp:minicms:2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-5231

Products

Pricing

Contact Us