MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete&delete= with an invalid filename. Date published : 2018-10-31 https://github.com/Av