CVE-2025-15456
Improper Authentication in bg5sbk MiniCMS Publish Page Handler
Publication date: 2026-01-05
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bg5sbk | minicms | to 1.8 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-15456 is an improper authentication vulnerability in MiniCMS up to version 1.8, specifically in the file /mc-admin/page-edit.php. The flaw occurs because the system removes the mc_token cookie, which is supposed to authenticate users, during the page creation POST request but still processes the request. This allows unauthorized users to edit and publish pages without proper permission verification, effectively bypassing authentication controls. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can have serious impacts including unauthorized editing and publishing of pages, leading to copyright infringement, misinformation dissemination, damage to platform credibility, legal disputes, regulatory penalties, economic losses for content creators, and disruption of the online content ecosystem. It can also facilitate malicious activities such as smear campaigns and rumor spreading, undermining user trust and platform reputation. [1, 2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability can negatively affect compliance with standards and regulations such as GDPR and HIPAA by exposing the platform to regulatory penalties due to unauthorized content modification, misinformation, and potential data integrity issues. This undermines the platform's ability to maintain data accuracy, integrity, and trustworthiness required by such regulations. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized POST requests to the /mc-admin/page-edit.php endpoint that contain parameters such as title, content, and file, especially if these requests lack a valid mc_token cookie. Additionally, attackers may be found by searching for access attempts using Google dorking with the query inurl:mc-admin/page-edit.php. A proof-of-concept involves capturing POST requests to this endpoint and checking if requests without the mc_token cookie are accepted. Specific commands are not provided, but network monitoring tools or web application firewalls can be configured to log and alert on such suspicious POST requests. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Implement strict permission verification at the start of /mc-admin/page-edit.php by validating user login status and the validity of the mc_token cookie, rejecting unauthorized requests with a 403 HTTP status code. 2) Enhance validation of critical POST parameters such as file, title, and state to prevent parameter tampering. 3) Strengthen cookie validation by linking mc_token to user sessions, regularly updating tokens, and verifying cookie integrity. 4) Upgrade MiniCMS to a newer, patched version and update the PHP environment to a more secure version than 5.2.17. 5) Add operation log auditing to record user identity, timestamp, IP address, and content changes for monitoring and incident response. If a patched version is not available, consider using alternative products. [2, 3]