VYPR
Vendor

Monitorr

Products
1
CVEs
9
Across products
10
Status
Private

Products

1

Recent CVEs

9
  • CVE-2020-28871CriFeb 10, 2021
    risk 0.74cvss 9.8epss 0.86

    Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload.

  • CVE-2020-28872CriApr 12, 2021
    risk 0.64cvss 9.8epss 0.03

    An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/_installation/_register.php allows an unauthorized person to create valid credentials.

  • CVE-2013-7070CriDec 31, 2019
    risk 0.57cvss 9.8epss 0.04

    The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the URI.

  • CVE-2023-26775HigApr 4, 2023
    risk 0.55cvss 7.8epss 0.49

    File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the assets/php/upload.php endpoint.

  • CVE-2023-26776MedApr 4, 2023
    risk 0.40cvss 6.1epss 0.01

    Cross Site Scripting vulnerability found in Monitorr v.1.7.6 allows a remote attacker to execute arbitrary code via the title parameter of the post_receiver-services.php file.

  • CVE-2018-7649MedAug 2, 2018
    risk 0.40cvss 6.1epss 0.01

    Monitorix before 3.10.1 allows XSS via CGI variables.

  • CVE-2013-7071MedDec 31, 2019
    risk 0.33cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in the handle_request function in lib/HTTPServer.pm in Monitorix before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

  • CVE-2025-7060MedJul 4, 2025
    risk 0.27cvss 4.1epss 0.00

    A vulnerability was found in Monitorr up to 1.7.6m. It has been classified as problematic. This affects an unknown part of the file assets/config/_installation/mkdbajax.php of the component Installer. The manipulation of the argument datadir leads to improper input validation.…

  • CVE-2021-3325CriJan 27, 2021
    risk 0.00cvss 9.8epss 0.02

    Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation (i.e., an installation without a hosts_deny option). This issue occurred because a new access-control feature was introduced without considering that some exiting installations…