bg5sbk MiniCMS Improper Authentication Vulnerability in Article Handler Component

Vulnerability

A critical improper authentication vulnerability has been identified in bg5sbk MiniCMS versions through 1.8. The issue resides in the Article Handler component, specifically in the file '/mc-admin/post-edit.php', which does not verify that the caller holds an authenticated session before acting on a request. A remote attacker can therefore bypass authentication by sending a crafted POST request without the session cookie. This access allows them to manipulate article content, including editing and publishing, which could lead to unauthorized changes to the website and potential exposure of sensitive server and user data.

Impact

Exploitation of this vulnerability grants unauthorized access to the article editing and publishing features, enabling attackers to manipulate website content. Such actions could disrupt business operations and cause regulatory compliance issues. Additionally, if the vulnerability is exploited in the backend management context, it could lead to an escalation to system privileges, allowing further malicious activities such as launching DDoS attacks or implanting mining programs.

Reproduction

To reproduce this vulnerability, access the MiniCMS backend and navigate to the 'Write Article' section. After filling in the article details, save the entry while removing the cookie field from the request. This will successfully publish the article, demonstrating the vulnerability.

Remediation

It is recommended to implement strict authentication checks for the '/mc-admin/post-edit.php' endpoint, verifying the user's login status and session credentials on the server side before any request is processed. Abnormal requests should be filtered out through secondary validation of request parameters and of the Referer origin. MiniCMS should be kept updated to the latest stable version, with security patches applied regularly. Access to the post-editing endpoint should be restricted to authorized roles, such as administrators, and all calls to it should be logged for security audits.
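The following is an added example of the guard described above, not code from MiniCMS itself: a small PHP include that an admin page such as '/mc-admin/post-edit.php' would run before handling any request. The function names, the session keys ('user_id', 'role'), and the log file location are assumptions; MiniCMS's actual session layout is not documented on this page.

```php
<?php
// Added example (not MiniCMS's own code). Assumed: the login page stores
// 'user_id' and 'role' in $_SESSION after a successful login, and the
// admin log lives next to this file. Adjust both to the real installation.
declare(strict_types=1);

const ADMIN_LOG = __DIR__ . '/admin-access.log'; // assumed location

/**
 * Decide whether the current request may edit or publish an article.
 * Returns true only when a server-side session exists, the session is
 * marked as an authenticated administrator, and, for state-changing
 * requests, the Referer points back at this site.
 *
 * $session and $server are passed in (instead of reading the superglobals
 * directly) so the check can be unit-tested with constructed arrays.
 */
function require_admin(array $session, array $server, string $allowedHost): bool
{
    // 1. Login status: a POST without a session cookie has an empty $session
    //    and must never reach the article handler.
    if (empty($session['user_id'])) {
        return false;
    }
    // 2. Role restriction: only administrators may reach the post editor.
    if (($session['role'] ?? '') !== 'admin') {
        return false;
    }
    // 3. Secondary validation: state-changing requests must originate from
    //    our own host. A missing or foreign Referer is rejected.
    if (($server['REQUEST_METHOD'] ?? 'GET') === 'POST') {
        $host = parse_url($server['HTTP_REFERER'] ?? '', PHP_URL_HOST);
        if (!is_string($host) || strcasecmp($host, $allowedHost) !== 0) {
            return false;
        }
    }
    return true;
}

/** Append one audit line per call so every access attempt can be reviewed. */
function log_admin_call(string $outcome, array $session, array $server): void
{
    $line = sprintf(
        "%s %s user=%s ip=%s %s %s\n",
        date('c'),
        $outcome,
        $session['user_id'] ?? '-',
        $server['REMOTE_ADDR'] ?? '-',
        $server['REQUEST_METHOD'] ?? '-',
        $server['REQUEST_URI'] ?? '-'
    );
    file_put_contents(ADMIN_LOG, $line, FILE_APPEND | LOCK_EX);
}

// Usage at the top of post-edit.php, before any HTML is emitted:
session_start();
$siteHost = $_SERVER['HTTP_HOST'] ?? '';
if (!require_admin($_SESSION, $_SERVER, $siteHost)) {
    log_admin_call('denied', $_SESSION, $_SERVER);
    http_response_code(403);
    exit('Authentication required');
}
log_admin_call('allowed', $_SESSION, $_SERVER);
// ... the original article editing/publishing logic follows here.
```

With this guard in place, the reproduction step on this page (saving an article with the cookie field removed) yields a 403 and a 'denied' audit line instead of a published article, because the request arrives with an empty session. The Referer check is deliberately a secondary measure: browsers may strip the header, so a deployment that relies on it should still keep the session and role checks as the primary gate.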

Added: Jan 5, 2026, 5:18 AM
Updated: Jan 5, 2026, 5:18 AM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 5.0
exploitability: 9.7
remediation: 0.0
relevance: 1.8
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.