Description
A security vulnerability has been detected in MineAdmin 1.x/2.x. Affected is an unknown function of the file /system/getFileInfoById. Manipulation of the argument ID leads to information disclosure. The attack can be launched remotely. The attack requires a high level of complexity, and exploitation is reported to be difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-01-20
Score: 2.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Update Software
AI Analysis

Impact

The vulnerability resides in MineAdmin version 1.x and 2.x, where the getFileInfoById function in /system/getFileInfoById can be manipulated by altering the ID argument to reveal files that should not be exposed. This flaw enables unauthorized disclosure of potentially sensitive data through the web interface. The flaw is classified as an information exposure (CWE‑200) coupled with improper access control (CWE‑284), allowing attackers to retrieve content beyond permitted scopes.

Affected Systems

Any deployed instance of MineAdmin 1.x or 2.x is affected. Both CPE strings for version 1.0 and 2.0 indicate that all releases within these major branches are susceptible, while newer major versions beyond 2.x are not listed.

Risk and Exploitability

The CVSS base score of 2.3 reflects a low-severity threat, and the EPSS score of less than 1% indicates a very small likelihood of real-world exploitation given the current awareness. The vulnerability is not included in the CISA KEV catalog, suggesting no widespread confirmed exploits. However, the attack can be launched remotely by an adversary who can direct the target's web server to request a crafted file ID. The attack requires a high level of complexity and is considered difficult to execute, but a public proof-of-concept is available, raising the possibility of future exploitation if the software is not updated.

Generated by OpenCVE AI on April 16, 2026 at 07:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify whether a newer, non‑vulnerable version of MineAdmin is available and upgrade immediately.
  • Limit access to the /system/getFileInfoById endpoint by enforcing firewall rules or application‑level authentication to ensure only authorized users can query it.
  • Enable detailed logging on file retrieval operations and routinely review logs for abnormal ID requests that might indicate exploitation attempts.
  • Implement input validation or parameter whitelisting on the ID argument to prevent unauthorized file access and enforce proper access control checks.

Advisories
Source | ID | Title
Github GHSA | GHSA-wq8p-q8cq-94w5 | MineAdmin May Expose Sensitive Information to an Unauthorized Actor
History

Mon, 23 Feb 2026 09:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:mineadmin:mineadmin:*:*:*:*:*:*:*:*

Thu, 05 Feb 2026 20:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:mineadmin:mineadmin:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mineadmin:mineadmin:2.0:*:*:*:*:*:*:*

Tue, 20 Jan 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 20 Jan 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Mineadmin
Mineadmin mineadmin
Vendors & Products Mineadmin
Mineadmin mineadmin

Tue, 20 Jan 2026 00:45:00 +0000

Type Values Removed Values Added
Description A security vulnerability has been detected in MineAdmin 1.x/2.x. Affected is an unknown function of the file /system/getFileInfoById. Such manipulation of the argument ID leads to information disclosure. It is possible to launch the attack remotely. The attack requires a high level of complexity. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title MineAdmin getFileInfoById information disclosure
Weaknesses CWE-200
CWE-284
References
Metrics cvssV2_0

{'score': 2.1, 'vector': 'AV:N/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 3.1, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-25T12:32:45.218Z

Reserved: 2026-01-19T13:59:59.216Z

Link: CVE-2026-1196

Vulnrichment

Updated: 2026-01-20T17:03:49.299Z

NVD

Status: Analyzed

Published: 2026-01-20T01:15:56.443

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-1196

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T08:00:11Z

Weaknesses