{"id":"CVE-2018-18890","details":"MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete&delete= with an invalid filename.","modified":"2026-07-08T17:16:57.384818Z","published":"2018-11-01T01:29:00.377Z","references":[{"type":"EVIDENCE","url":"https://github.com/AvaterXXX/MiniCms/blob/master/Authentication%20and%20Information%20Exposure.md#information-exposure"},{"type":"EVIDENCE","url":"https://www.patec.cn/newsshow.php?cid=24&id=135"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bg5sbk/minicms","events":[{"introduced":"563cb6a15e4309150339720a4b8ab6bad86d31af"},{"last_affected":"563cb6a15e4309150339720a4b8ab6bad86d31af"}],"database_specific":{"extracted_events":[{"introduced":"1.10"},{"last_affected":"1.10"}],"source":"CPE_STRING","cpe":"cpe:2.3:a:1234n:minicms:1.10:*:*:*:*:*:*:*"}}],"versions":["1.10","v1.10"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-18890.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}