CVE-2018-18892
CRITICALMiniCMS 1.10 - Remote Code Execution via Install.php Sitename Parameter
Title source: llmDescription
MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.patec.cn/newsshow.php?cid=24&id=135
Exploit, Third Party Advisory x_refsource_misc
https://github.com/AvaterXXX/MiniCms/blob/master/Command%20Execution.md
Scores
CVSS v3
9.8
EPSS
0.0258
EPSS Percentile
83.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (1)
1234n/minicms
1.10
Published
Nov 01, 2018
Tracked Since
Feb 18, 2026