VYPR

Mmonit

by Tildeslash

CVEs (5)

  • CVE-2019-11393 | Critical | Apr 22, 2019
    risk 0.64 | cvss 9.8 | epss 0.02

    An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged users to escalate their privileges to an administrator by requesting a password change and specifying the admin parameter.

  • CVE-2014-6607 | Oct 6, 2014
    risk 0.04 | cvss | epss 0.07

    M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and password parameters, a different vulnerability than CVE-2014-6409.

  • CVE-2014-6409 | Oct 6, 2014
    risk 0.03 | cvss | epss 0.02

    Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that change user passwords via the fullname and password parameters to /admin/users/update.

  • CVE-2020-36969 | Jan 28, 2026
    risk 0.00 | cvss | epss 0.00

    M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative…

  • CVE-2020-36968 | Jan 28, 2026
    risk 0.00 | cvss | epss 0.00

    M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5…