VYPR

Monstra

by Monstra

Source repositories

CVEs (42)

  • CVE-2017-18048HigJan 23, 2018
    risk 0.65cvss 8.8epss 0.64

    Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not.

  • CVE-2021-40940CriJun 15, 2022
    risk 0.64cvss 9.8epss 0.02

    Monstra 3.0.4 does not filter the case of php, which leads to an unrestricted file upload vulnerability.

  • CVE-2021-36548CriOct 28, 2021
    risk 0.64cvss 9.8epss 0.03

    A remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&action=edit_template&filename=blog of Monstra v3.0.4 allows attackers to execute arbitrary commands via a crafted PHP file.

  • CVE-2020-25414CriJun 17, 2021
    risk 0.64cvss 9.8epss 0.02

    A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4 which allows remote attackers to execute arbitrary PHP code.

  • CVE-2018-11678CriJun 5, 2018
    risk 0.64cvss 9.8epss 0.02

    plugins/box/users/users.plugin.php in Monstra CMS 3.0.4 allows Login Rate Limiting Bypass via manipulation of the login_attempts cookie.

  • CVE-2018-6383HigJan 29, 2018
    risk 0.61cvss 8.8epss 0.14

    Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a different…

  • CVE-2020-23219HigJul 1, 2021
    risk 0.57cvss 8.8epss 0.02

    Monstra CMS 3.0.4 allows attackers to execute arbitrary code via a crafted payload entered into the "Snippet content" field under the "Edit Snippet" module.

  • CVE-2020-13384HigMay 22, 2020
    risk 0.57cvss 8.8epss 0.03

    Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames are not, a related issue to CVE-2017-18048.

  • CVE-2018-16608HigSep 10, 2018
    risk 0.57cvss 8.8epss 0.01

    In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via an admin/index.php?id=users&action=edit&user_id=1, Insecure Direct Object Reference (IDOR).

  • CVE-2018-9037HigApr 10, 2018
    risk 0.57cvss 8.8epss 0.03

    Monstra CMS 3.0.4 allows remote code execution via an upload_file request for a .zip file, which is automatically extracted and may contain .php files.

  • CVE-2018-11475HigMay 25, 2018
    risk 0.52cvss 8.0epss 0.01

    Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser.

  • CVE-2018-11474HigMay 25, 2018
    risk 0.52cvss 8.0epss 0.01

    Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at admin/index.php?id=users&action=edit&user_id=1 does not invalidate a session that is open in a different browser.

  • CVE-2018-16820HigSep 18, 2018
    risk 0.49cvss 7.5epss 0.02

    admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory listing via id=filesmanager&path=uploads/.......//./.......//./ requests.

  • CVE-2024-36774HigJun 6, 2024
    risk 0.47cvss 7.2epss 0.01

    An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary code via uploading a crafted PHP file.

  • CVE-2020-13978HigJun 9, 2020
    risk 0.47cvss 7.2epss 0.01

    Monstra CMS 3.0.4 allows an attacker, who already has administrative access to modify .chunk.php files on the Edit Chunk screen, to execute arbitrary OS commands via the Theme Module by visiting the admin/index.php?id=themes&action=edit_chunk URI. NOTE: there is no indication…

  • CVE-2018-17418HigMar 7, 2019
    risk 0.47cvss 7.2epss 0.03

    Monstra CMS 3.0.4 allows remote attackers to execute arbitrary PHP code via a mixed-case file extension, as demonstrated by the 123.PhP filename, because plugins\box\filesmanager\filesmanager.admin.php mishandles the forbidden_types variable.

  • CVE-2018-15886HigSep 10, 2018
    risk 0.47cvss 7.2epss 0.02

    Monstra CMS 3.0.4 does not properly restrict modified Snippet content, as demonstrated by the admin/index.php?id=snippets&action=edit_snippet&filename=google-analytics URI, which allows attackers to execute arbitrary PHP code by placing this code after a <?php substring.

  • CVE-2018-9038MedApr 10, 2018
    risk 0.46cvss 6.5epss 0.10

    Monstra CMS 3.0.4 allows remote attackers to delete files via an admin/index.php?id=filesmanager&delete_dir=./&path=uploads/ request.

  • CVE-2020-20691MedSep 27, 2021
    risk 0.42cvss 6.5epss 0.01

    An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files.

  • CVE-2020-8439MedMar 7, 2020
    risk 0.42cvss 6.5epss 0.02

    Monstra CMS through 3.0.4 allows remote authenticated users to take over arbitrary user accounts via a modified login parameter to an edit URI, as demonstrated by login=victim to the users/21/edit URI.

Page 1 of 3