Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
monstra vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2020-8439
Monstra CMS up to and including 3.0.4 allows remote authenticated users to take over arbitrary user accounts via a modified login parameter to an edit URI, as demonstrated by login=victim to the users/21/edit URI.
Monstra Monstra
580
VMScore
CVE-2018-6383
Monstra CMS up to and including 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a ...
Monstra Monstra
668
VMScore
CVE-2021-40940
Monstra 3.0.4 does not filter the case of php, which leads to an unrestricted file upload vulnerability.
Monstra Monstra
312
VMScore
CVE-2018-6550
Monstra CMS up to and including 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php.
Monstra Monstra
445
VMScore
CVE-2014-9006
Monstra 3.0.1 and previous versions uses a cookie to track how many login attempts have been attempted, which allows remote malicious users to conduct brute force login attacks by deleting the login_attempts cookie or setting it to certain values.
Monstra Monstra
534
VMScore
CVE-2018-11474
Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at admin/index.php?id=users&action=edit&user_id=1 does not invalidate a session that is open in a different browser.
Monstra Monstra 3.0.4
383
VMScore
CVE-2018-14922
Multiple cross-site scripting (XSS) vulnerabilities in Monstra CMS 3.0.4 allow remote malicious users to inject arbitrary web script or HTML via the (1) first name or (2) last name field in the edit profile page.
Monstra Monstra 3.0.4
383
VMScore
CVE-2018-11473
Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration).
Monstra Monstra 3.0.4
668
VMScore
CVE-2021-36548
A remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&action=edit_template&filename=blog of Monstra v3.0.4 allows malicious users to execute arbitrary commands via a crafted PHP file.
Monstra Monstra 3.0.4
690
VMScore
CVE-2017-18048
Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not.
Monstra Monstra 3.0.4
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »