Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
monstra monstra 3.0.4 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-25414
A local file inclusion vulnerability exists in the captcha function in Monstra 3.0.4 which allows remote malicious users to execute arbitrary PHP code.
Monstra Monstra 3.0.4
5
CVSSv2
CVE-2018-16977
Monstra CMS V3.0.4 has an information leakage risk (e.g., PATH, DOCUMENT_ROOT, and SERVER_ADMIN) in libraries/Gelato/ErrorHandler/Resources/Views/Errors/exception.php.
Monstra Monstra 3.0.4
4.3
CVSSv2
CVE-2018-16978
Monstra CMS V3.0.4 has XSS when ones tries to register an account with a crafted password parameter to users/registration, a different vulnerability than CVE-2018-11473.
Monstra Monstra 3.0.4
5.8
CVSSv2
CVE-2018-16979
Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related issue to CVE-2012-2943.
Monstra Monstra 3.0.4
6
CVSSv2
CVE-2018-11474
Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at admin/index.php?id=users&action=edit&user_id=1 does not invalidate a session that is open in a different browser.
Monstra Monstra 3.0.4
7.5
CVSSv2
CVE-2021-36548
A remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&action=edit_template&filename=blog of Monstra v3.0.4 allows malicious users to execute arbitrary commands via a crafted PHP file.
Monstra Monstra 3.0.4
4.3
CVSSv2
CVE-2018-14922
Multiple cross-site scripting (XSS) vulnerabilities in Monstra CMS 3.0.4 allow remote malicious users to inject arbitrary web script or HTML via the (1) first name or (2) last name field in the edit profile page.
Monstra Monstra 3.0.4
6.5
CVSSv2
CVE-2018-17418
Monstra CMS 3.0.4 allows remote malicious users to execute arbitrary PHP code via a mixed-case file extension, as demonstrated by the 123.PhP filename, because plugins\box\filesmanager\filesmanager.admin.php mishandles the forbidden_types variable.
Monstra Monstra 3.0.4
4.3
CVSSv2
CVE-2018-11472
Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php).
Monstra Monstra 3.0.4
1 Github repository
6
CVSSv2
CVE-2018-11475
Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser.
Monstra Monstra 3.0.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »