Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
monstra vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-40940
Monstra 3.0.4 does not filter the case of php, which leads to an unrestricted file upload vulnerability.
Monstra Monstra
NA
CVE-2014-9006
Monstra 3.0.1 and previous versions uses a cookie to track how many login attempts have been attempted, which allows remote malicious users to conduct brute force login attacks by deleting the login_attempts cookie or setting it to certain values.
Monstra Monstra
8.8
CVSSv3
CVE-2018-6383
Monstra CMS up to and including 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a ...
Monstra Monstra
6.5
CVSSv3
CVE-2020-8439
Monstra CMS up to and including 3.0.4 allows remote authenticated users to take over arbitrary user accounts via a modified login parameter to an edit URI, as demonstrated by login=victim to the users/21/edit URI.
Monstra Monstra
5.4
CVSSv3
CVE-2018-6550
Monstra CMS up to and including 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php.
Monstra Monstra
6.5
CVSSv3
CVE-2018-9038
Monstra CMS 3.0.4 allows remote malicious users to delete files via an admin/index.php?id=filesmanager&delete_dir=./&path=uploads/ request.
Monstra Monstra 3.0.4
1 EDB exploit
4.8
CVSSv3
CVE-2018-10118
Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/index.php?id=pages URI, related to plugins/box/pages/pages.admin.php.
Monstra Monstra 3.0.4
1 EDB exploit
1 Github repository
6.1
CVSSv3
CVE-2018-11227
Monstra CMS 3.0.4 and previous versions has XSS via index.php.
Monstra Monstra Cms
6.1
CVSSv3
CVE-2018-14922
Multiple cross-site scripting (XSS) vulnerabilities in Monstra CMS 3.0.4 allow remote malicious users to inject arbitrary web script or HTML via the (1) first name or (2) last name field in the edit profile page.
Monstra Monstra 3.0.4
4.8
CVSSv3
CVE-2018-18694
admin/index.php?id=filesmanager in Monstra CMS 3.0.4 allows remote authenticated administrators to trigger stored XSS via JavaScript content in a file whose name lacks an extension. Such a file is interpreted as text/html in certain cases.
Monstra Monstra 3.0.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »