CVE-2012-5231

miniCMS 1.0 and 2.0 - Remote Code Execution via Pagename or Area Variable


Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-5231. PoCs published by Or4nG.M4N.

AI-analyzed exploit summary: This exploit demonstrates a PHP code injection vulnerability in miniCMS v1.0 to v2.0 by leveraging null byte termination to bypass file extension restrictions and inject malicious PHP code into files. The PoC includes instructions for bypassing addslashes() and executing arbitrary commands via a crafted POST request.

Description

miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) update.php when writing files to content/, or (b) updatenews.php when writing files to content/news/.

Exploits (1)

exploitdb WORKING POC
by Or4nG.M4N · text · webapps · php
https://www.exploit-db.com/exploits/18410


Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: miniCMS v1.0 to v2.0
Auth required
Prerequisites: Access to the miniCMS admin interface or valid session cookie · Live HTTP Headers or similar tool to craft POST requests
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18410
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72645
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/51612

Scores

EPSS 0.0266
EPSS Percentile 83.7%

Details

CWE CWE-94
Status published
Products (2)
jessgramp/minicms 1.0
jessgramp/minicms 2.0
Published Oct 01, 2012
Tracked Since Feb 18, 2026