Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
monstra monstra cms 3.0.4 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2020-20691
An issue in Monstra CMS v3.0.4 allows malicious users to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files.
Monstra Monstra Cms 3.0.4
5.4
CVSSv3
CVE-2020-23697
Cross Site Scripting vulnerabilty in Monstra CMS 3.0.4 via the page feature in admin/index.php.
Monstra Monstra Cms 3.0.4
8.8
CVSSv3
CVE-2020-23219
Monstra CMS 3.0.4 allows malicious users to execute arbitrary code via a crafted payload entered into the "Snippet content" field under the "Edit Snippet" module.
Monstra Monstra Cms 3.0.4
5.4
CVSSv3
CVE-2020-23205
A stored cross site scripting (XSS) vulnerability in Monstra CMS version 3.0.4 allows malicious users to execute arbitrary web scripts or HTML via crafted a payload entered into the "Site Name" field under the "Site Settings" module.
Monstra Monstra Cms 3.0.4
7.2
CVSSv3
CVE-2020-13978
Monstra CMS 3.0.4 allows an attacker, who already has administrative access to modify .chunk.php files on the Edit Chunk screen, to execute arbitrary OS commands via the Theme Module by visiting the admin/index.php?id=themes&action=edit_chunk URI. NOTE: there is no indication...
Monstra Monstra Cms 3.0.4
8.8
CVSSv3
CVE-2020-13384
Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames are not, a related issue to CVE-2017-18048.
Monstra Monstra 3.0.4
6.5
CVSSv3
CVE-2020-8439
Monstra CMS up to and including 3.0.4 allows remote authenticated users to take over arbitrary user accounts via a modified login parameter to an edit URI, as demonstrated by login=victim to the users/21/edit URI.
Monstra Monstra
6.1
CVSSv3
CVE-2018-11227
Monstra CMS 3.0.4 and previous versions has XSS via index.php.
Monstra Monstra Cms
7.2
CVSSv3
CVE-2018-17418
Monstra CMS 3.0.4 allows remote malicious users to execute arbitrary PHP code via a mixed-case file extension, as demonstrated by the 123.PhP filename, because plugins\box\filesmanager\filesmanager.admin.php mishandles the forbidden_types variable.
Monstra Monstra 3.0.4
4.8
CVSSv3
CVE-2018-18694
admin/index.php?id=filesmanager in Monstra CMS 3.0.4 allows remote authenticated administrators to trigger stored XSS via JavaScript content in a file whose name lacks an extension. Such a file is interpreted as text/html in certain cases.
Monstra Monstra 3.0.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »