Vulnerabilities for 'Monstra'

2018-02-02
 
CVE-2018-6550

CWE-79
 

 
Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php.

 
2018-01-23
 
CVE-2017-18048

CWE-434
 

 
Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not.

 
2014-11-20
 
CVE-2014-9006

 

 
Monstra 3.0.1 and earlier uses a cookie to track the number of login attempts, which allows remote attackers to conduct brute force login attacks by deleting the login_attempts cookie or setting it to certain values.

 


Copyright 2018, cxsecurity.com

 
