In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via an admin/index.php?id=users&action=edit&user_id=1, Insecure Direct Object Reference (IDOR).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
monstra monstra 3.0.4 |