VYPR
Vendor

MonoCMS

Products
2
CVEs
6
Across products
6
Status
Private

Products

2

Recent CVEs

6
  • CVE-2020-25985HigOct 7, 2020
    risk 0.53cvss 8.1epss 0.02

    MonoCMS Blog 1.0 is affected by: Arbitrary File Deletion. Any authenticated user can delete files on and off the webserver (php files can be unlinked and not deleted).

  • CVE-2020-25987HigOct 6, 2020
    risk 0.49cvss 7.5epss 0.02

    MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml file in the source files for MonoCMS Blog. Hash type is bcrypt and hashcat mode 3200 can be used to crack the hash.

  • CVE-2020-28672HigJan 7, 2021
    risk 0.48cvss 7.2epss 0.12

    MonoCMS Blog 1.0 is affected by incorrect access control that can lead to remote arbitrary code execution. At monofiles/category.php:27, user input can be saved to category/[foldername]/index.php causing RCE.

  • CVE-2020-25986MedOct 6, 2020
    risk 0.42cvss 6.5epss 0.01

    A Cross Site Request Forgery (CSRF) vulnerability in MonoCMS Blog 1.0 allows attackers to change the password of a user.

  • CVE-2024-10928LowNov 6, 2024
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in MonoCMS up to 20240528. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /monofiles/opensaved.php of the component Posts Page. The manipulation of the argument filtcategory/filtstatus leads…

  • CVE-2024-10927LowNov 6, 2024
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in MonoCMS up to 20240528. It has been classified as problematic. Affected is an unknown function of the file /monofiles/account.php of the component Account Information Page. The manipulation of the argument userid leads to cross site scripting. It is…