Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
monstra monstra 3.0.4 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-40940
Monstra 3.0.4 does not filter the case of php, which leads to an unrestricted file upload vulnerability.
Monstra Monstra
9.8
CVSSv3
CVE-2021-36548
A remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&action=edit_template&filename=blog of Monstra v3.0.4 allows malicious users to execute arbitrary commands via a crafted PHP file.
Monstra Monstra 3.0.4
9.8
CVSSv3
CVE-2020-25414
A local file inclusion vulnerability exists in the captcha function in Monstra 3.0.4 which allows remote malicious users to execute arbitrary PHP code.
Monstra Monstra 3.0.4
9.8
CVSSv3
CVE-2018-11678
plugins/box/users/users.plugin.php in Monstra CMS 3.0.4 allows Login Rate Limiting Bypass via manipulation of the login_attempts cookie.
Monstra Monstra Cms 3.0.4
8.8
CVSSv3
CVE-2020-23219
Monstra CMS 3.0.4 allows malicious users to execute arbitrary code via a crafted payload entered into the "Snippet content" field under the "Edit Snippet" module.
Monstra Monstra Cms 3.0.4
8.8
CVSSv3
CVE-2020-13384
Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames are not, a related issue to CVE-2017-18048.
Monstra Monstra 3.0.4
8.8
CVSSv3
CVE-2018-16608
In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via an admin/index.php?id=users&action=edit&user_id=1, Insecure Direct Object Reference (IDOR).
Monstra Monstra 3.0.4
8.8
CVSSv3
CVE-2018-9037
Monstra CMS 3.0.4 allows remote code execution via an upload_file request for a .zip file, which is automatically extracted and may contain .php files.
Monstra Monstra 3.0.4
8.8
CVSSv3
CVE-2018-6383
Monstra CMS up to and including 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a ...
Monstra Monstra
8.8
CVSSv3
CVE-2017-18048
Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not.
Monstra Monstra 3.0.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »