CVE-2025-15458— bg5sbk MiniCMS Article post-edit.php improper authentication
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-15458
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
bg5sbk MiniCMS Article post-edit.php improper authentication
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was determined in bg5sbk MiniCMS up to 1.8. This affects an unknown function of the file /mc-admin/post-edit.php of the component Article Handler. Executing a manipulation can lead to improper authentication. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
认证机制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
MiniCMS 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
MiniCMS是达达(bg5sbk)个人开发者的一个针对个人网站设计的微型内容管理系统。 MiniCMS 1.8及之前版本存在授权问题漏洞,该漏洞源于对组件Article Handler的文件/mc-admin/post-edit.php的错误操作,可能导致身份验证不当。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-15458
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-15458
请登录查看更多情报信息。
- https://vuldb.com/?id.339491vdb-entry
- https://vuldb.com/?submit.725142third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-15458
Same Patch Batch · bg5sbk · 2026-01-05 · 4 CVEs total
| CVE-2025-15457 | 7.3 HIGH | bg5sbk MiniCMS Trash File Restore post.php improper authentication |
| CVE-2025-15456 | 7.3 HIGH | bg5sbk MiniCMS Publish page-edit.php improper authentication |
| CVE-2025-15455 | 6.5 MEDIUM | bg5sbk MiniCMS File Recovery Request page.php delete_page improper authentication |
IV. Related Vulnerabilities
Same product: MiniCMS
- CVE-2025-15457
bg5sbk MiniCMS Trash File Restore post.php improper authenti - CVE-2025-15456
bg5sbk MiniCMS Publish page-edit.php improper authentication - CVE-2025-15455
bg5sbk MiniCMS File Recovery Request page.php delete_page im - CVE-2024-9282
bg5sbk MiniCMS page-edit.php cross-site request forgery - CVE-2024-9281
bg5sbk MiniCMS post-edit.php cross-site request forgery
Same vendor: bg5sbk
- CVE-2025-15457
bg5sbk MiniCMS Trash File Restore post.php improper authenti - CVE-2025-15456
bg5sbk MiniCMS Publish page-edit.php improper authentication - CVE-2025-15455
bg5sbk MiniCMS File Recovery Request page.php delete_page im - CVE-2024-9282
bg5sbk MiniCMS page-edit.php cross-site request forgery - CVE-2024-9281
bg5sbk MiniCMS post-edit.php cross-site request forgery
Same weakness: CWE-287
- CVE-2026-8244
Industrial Application Software IAS Canias ERP Login RMI imp - CVE-2026-8216
Industrial Application Software IAS Canias ERP Java RMI Sess - CVE-2026-8214
Industrial Application Software IAS Canias ERP RMI doAction - CVE-2026-42560
auth: Patreon provider assigns the same local user ID to eve - CVE-2026-41070
openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, all
V. Comments for CVE-2025-15458
No comments yet