Product:

Monstra_cms

(Monstra)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 8
Date Id Summary Products Score Patch Annotated
2020-06-09 CVE-2020-13978 Monstra CMS 3.0.4 allows an attacker, who already has administrative access to modify .chunk.php files on the Edit Chunk screen, to execute arbitrary OS commands via the Theme Module by visiting the admin/index.php?id=themes&action=edit_chunk URI. NOTE: there is no indication that the Edit Chunk feature was intended to prevent an administrator from using PHP's exec feature Monstra_cms 7.2
2021-07-01 CVE-2020-23205 A stored cross site scripting (XSS) vulnerability in Monstra CMS version 3.0.4 allows attackers to execute arbitrary web scripts or HTML via crafted a payload entered into the "Site Name" field under the "Site Settings" module. Monstra_cms 5.4
2021-07-01 CVE-2020-23219 Monstra CMS 3.0.4 allows attackers to execute arbitrary code via a crafted payload entered into the "Snippet content" field under the "Edit Snippet" module. Monstra_cms 8.8
2021-07-06 CVE-2020-23697 Cross Site Scripting vulnerabilty in Monstra CMS 3.0.4 via the page feature in admin/index.php. Monstra_cms 5.4
2021-09-27 CVE-2020-20691 An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files. Monstra_cms 6.5
2020-03-02 CVE-2018-19599 Monstra CMS 1.6 allows XSS via an uploaded SVG document to the admin/index.php?id=filesmanager&path=uploads/ URI. NOTE: this is a discontinued product. Monstra_cms N/A
2019-07-03 CVE-2018-11227 Monstra CMS 3.0.4 and earlier has XSS via index.php. Monstra_cms 6.1
2018-06-05 CVE-2018-11678 plugins/box/users/users.plugin.php in Monstra CMS 3.0.4 allows Login Rate Limiting Bypass via manipulation of the login_attempts cookie. Monstra_cms 9.8