bg5sbk MiniCMS Improper Authentication Vulnerability in Page Editing Component

Vulnerability

A vulnerability exists in bg5sbk MiniCMS versions through 1.8, specifically in the Publish Page Handler within the file /mc-admin/page-edit.php. This vulnerability allows for unauthorized editing and publishing of pages due to a lack of proper authentication checks. The issue can be exploited remotely, and a public proof-of-concept exploit is available. The vulnerability's existence is currently disputed.

Impact

Exploitation of this vulnerability allows for unauthorized page edits, which can lead to copyright violations, the spread of misinformation, and damage to the platform's credibility and reputation. Such actions could also provoke legal disputes or regulatory penalties.

Reproduction

To reproduce this vulnerability, access the backend and navigate to the page creation section. Capture the POST request intended for page creation and remove the Cookie field, so that the mc_token Cookie is omitted. Then send the request with the desired page parameters, such as title, content, and file path. The page will be published successfully, demonstrating the vulnerability.

Remediation

It is recommended to implement proper authentication checks in the page editing handler, validate request parameters to prevent tampering, and enhance Cookie validation by linking tokens to user sessions. Additionally, upgrading to the latest version of MiniCMS and its dependencies is advised.
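
One way to implement the authentication check and the session-linked token recommended above, as an added example that is not MiniCMS code. The function names and the `auth_token` session key are hypothetical; only the `mc_token` cookie name and the `/mc-admin/` path come from this advisory.

```php
<?php
// Added example: hypothetical guard for an admin handler, not MiniCMS code.
declare(strict_types=1);

const TOKEN_COOKIE = 'mc_token'; // cookie name taken from the advisory

// Call after a successful login (the login check itself is out of scope here).
function issue_session_token(): string
{
    session_regenerate_id(true);              // new session id: blocks session fixation
    $token = bin2hex(random_bytes(32));       // unpredictable per-session value
    $_SESSION['auth_token'] = $token;         // server-side copy bound to this session
    setcookie(TOKEN_COOKIE, $token, [
        'httponly' => true,
        'secure'   => true,
        'samesite' => 'Strict',
        'path'     => '/mc-admin/',
    ]);
    return $token;
}

// Pure decision function, testable without HTTP globals.
function is_authenticated(array $session, array $cookies): bool
{
    $expected = $session['auth_token'] ?? null;
    $supplied = $cookies[TOKEN_COOKIE] ?? null;
    if (!is_string($expected) || $expected === '' || !is_string($supplied)) {
        return false;                         // no login or no cookie: deny by default
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

// Must run before the handler reads $_POST or writes any page file.
function require_authenticated_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!is_authenticated($_SESSION, $_COOKIE)) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Constructed self-checks (evaluated when zend.assertions=1).
assert(is_authenticated(['auth_token' => 'abc'], []) === false);                  // cookie stripped
assert(is_authenticated([], ['mc_token' => 'abc']) === false);                    // never logged in
assert(is_authenticated(['auth_token' => 'abc'], ['mc_token' => 'abc']) === true);
```

The guard only helps if `require_authenticated_session()` is the first call in every state-changing admin handler, so that a request without the cookie is rejected before any page data is processed.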

Added: Jan 5, 2026, 5:20 AM
Updated: Jan 5, 2026, 5:20 AM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 5.0
exploitability: 9.7
remediation: 0.0
relevance: 1.8
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.