CVE-2018-18890: Path Traversal
First published: Thu Nov 01 2018(Updated: )
MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete&delete= with an invalid filename.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| 1234n Minicms | =1.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of MiniCMS 1.10?
The vulnerability ID of MiniCMS 1.10 is CVE-2018-18890.
What is the severity of CVE-2018-18890?
The severity of CVE-2018-18890 is medium.
How does MiniCMS 1.10 allow full path disclosure?
MiniCMS 1.10 allows full path disclosure through the /mc-admin/post.php?state=delete&delete= with an invalid filename.
What is the affected software for CVE-2018-18890?
The affected software for CVE-2018-18890 is MiniCMS 1.10.
Is there a fix available for CVE-2018-18890?
There is no specific information available about a fix for CVE-2018-18890. It is recommended to update to a newer version if available or apply any patches provided by the vendor.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/event
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/1234n
- canonical/1234n minicms
- version/1234n minicms/1.10