CVE-2025-15457
HIGH1234n Minicms < 1.8 - Authentication Bypass
Title source: ruleDescription
A vulnerability was found in bg5sbk MiniCMS up to 1.8. The impacted element is an unknown function of the file /minicms/mc-admin/post.php of the component Trash File Restore Handler. Performing a manipulation results in improper authentication. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
References (4)
Scores
CVSS v3
7.3
EPSS
0.0046
EPSS Percentile
63.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Classification
CWE
CWE-287
Status
published
Affected Products (1)
1234n/minicms
< 1.8
Timeline
Published
Jan 05, 2026
Tracked Since
Feb 18, 2026