Vulnerabilities > 1234N > High

DATE CVE VULNERABILITY TITLE RISK
2022-06-24 CVE-2022-33121 Cross-Site Request Forgery (CSRF) vulnerability in 1234N Minicms 1.11
A Cross-Site Request Forgery (CSRF) in MiniCMS v1.11 allows attackers to arbitrarily delete local .dat files via clicking on a malicious link.
network
low complexity
1234n CWE-352
8.1
8.1
2021-01-05 CVE-2020-36051 Path Traversal vulnerability in 1234N Minicms 1.10
Directory traversal vulnerability in page_edit.php in MiniCMS V1.10 allows remote attackers to read arbitrary files via the state parameter.
network
low complexity
1234n CWE-22
7.5
7.5
2018-11-01 CVE-2018-18891 Improper Authentication vulnerability in 1234N Minicms 1.10
MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete&delete= because the authentication check occurs too late.
network
low complexity
1234n CWE-287
7.5
7.5
2018-03-27 CVE-2018-9092 Cross-Site Request Forgery (CSRF) vulnerability in 1234N Minicms 1.10
There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.10 that can change the administrator account password.
network
low complexity
1234n CWE-352
8.8
8.8