Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
monstra monstra 3.0.4 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2018-16977
Monstra CMS V3.0.4 has an information leakage risk (e.g., PATH, DOCUMENT_ROOT, and SERVER_ADMIN) in libraries/Gelato/ErrorHandler/Resources/Views/Errors/exception.php.
Monstra Monstra 3.0.4
3.5
CVSSv2
CVE-2018-17024
admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an add_page action.
Monstra Monstra 3.0.4
4.3
CVSSv2
CVE-2018-17025
admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an edit_page action for a page with no special role.
Monstra Monstra 3.0.4
3.5
CVSSv2
CVE-2018-17026
admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an edit_page&name=error404 action, a different vulnerability than CVE-2018-10121.
Monstra Monstra 3.0.4
6.5
CVSSv2
CVE-2018-9037
Monstra CMS 3.0.4 allows remote code execution via an upload_file request for a .zip file, which is automatically extracted and may contain .php files.
Monstra Monstra 3.0.4
3.5
CVSSv2
CVE-2018-10118
Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/index.php?id=pages URI, related to plugins/box/pages/pages.admin.php.
Monstra Monstra 3.0.4
1 EDB exploit
1 Github repository
5.5
CVSSv2
CVE-2018-9038
Monstra CMS 3.0.4 allows remote malicious users to delete files via an admin/index.php?id=filesmanager&delete_dir=./&path=uploads/ request.
Monstra Monstra 3.0.4
1 EDB exploit
5.5
CVSSv2
CVE-2018-16819
admin/index.php in Monstra CMS 3.0.4 allows arbitrary file deletion via id=filesmanager&path=uploads/.......//./.......//./&delete_file= requests.
Monstra Monstra 3.0.4
5
CVSSv2
CVE-2018-16820
admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory listing via id=filesmanager&path=uploads/.......//./.......//./ requests.
Monstra Monstra 3.0.4
6.5
CVSSv2
CVE-2018-15886
Monstra CMS 3.0.4 does not properly restrict modified Snippet content, as demonstrated by the admin/index.php?id=snippets&action=edit_snippet&filename=google-analytics URI, which allows malicious users to execute arbitrary PHP code by placing this code after a <?php su...
Monstra Monstra 3.0.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
CVE-2023-52162
CVE-2024-23670
CVE-2024-5404
man-in-the-middle
CVE-2024-5214
CVE-2024-4358
CVE-2024-20696
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »