This exploit demonstrates a Local File Inclusion (LFI) vulnerability in CMSmini 0.2.2. The `/admin/edit.php` script directly includes user-supplied input via the `name` parameter without proper sanitization, allowing arbitrary file reads.
Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:CMSmini 0.2.2
No auth needed
Prerequisites:Access to the `/admin/edit.php` endpoint