Note: This project will be discontinued after December 13, 2021.
Product: Monstra (Monstra)
Repositories | https://github.com/monstra-cms/monstra |
#Vulnerabilities | 34 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-03-07 | CVE-2020-8439 | Monstra CMS through 3.0.4 allows remote authenticated users to take over arbitrary user accounts via a modified login parameter to an edit URI, as demonstrated by login=victim to the users/21/edit URI. | Monstra | 6.5 | ||
2020-05-22 | CVE-2020-13384 | Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames are not, a related issue to CVE-2017-18048. | Monstra | 8.8 | ||
2021-06-17 | CVE-2020-25414 | A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4 which allows remote attackers to execute arbitrary PHP code. | Monstra | 9.8 | ||
2021-10-28 | CVE-2021-36548 | A remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&action=edit_template&filename=blog of Monstra v3.0.4 allows attackers to execute arbitrary commands via a crafted PHP file. | Monstra | 9.8 | ||