Identifier | Related Record | Severity | Date Published | Description | Versions Affected
---|---|---|---|---|---
CVE-2021-40940 | | High | Jun 15, 2022 | Monstra 3.0.4 does not filter the case of php, which leads to an unrestricted file upload vulnerability. | 2.1.2, 2.0.1, 2.1.1, 2.0.0, 2.1.3, 1.3.1, 1.3.0, 1.2.1, 1.2.0, 1.1.6
CVE-2020-8439 | | Medium | Mar 07, 2020 | Monstra CMS through 3.0.4 allows remote authenticated users to take over arbitrary user accounts via a modified login parameter to an edit URI, as demo... | 2.1.2, 2.0.1, 2.1.1, 2.0.0, 2.1.3, 1.3.1, 1.3.0, 1.2.1, 1.2.0, 1.1.6
CVE-2018-6550 | | Low | Feb 02, 2018 | Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php. | 2.1.2, 2.0.1, 2.1.1, 2.0.0, 2.1.3, 1.3.1, 1.3.0, 1.2.1, 1.2.0, 1.1.6
CVE-2018-6383 | | Medium | Jan 29, 2018 | Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension... | 2.1.2, 2.0.1, 2.1.1, 2.0.0, 2.1.3, 1.3.1, 1.3.0, 1.2.1, 1.2.0, 1.1.6
CVE-2018-11227 | | Medium | Jul 03, 2019 | Monstra CMS 3.0.4 and earlier has XSS via index.php. | 2.1.2, 2.0.1, 2.1.1, 2.0.0, 2.1.3, 1.3.1, 1.3.0, 1.2.1, 1.2.0, 1.1.6
CVE-2014-9006 | | Medium | Nov 20, 2014 | Monstra 3.0.1 and earlier uses a cookie to track how many login attempts have been attempted, which allows remote attackers to conduct brute force logi... | 2.1.2, 2.0.1, 2.1.1, 2.0.0, 2.1.3, 1.3.1, 1.3.0, 1.2.1, 1.2.0, 1.1.6