CVE-2018-18890

Summary: 
MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete&delete= with an invalid filename.
Published: 
Wednesday, October 31, 2018 - 21:29
cvss: