CVSS: 7.2EPSS: 2%CPEs: 1EXPL: 1CVE-2020-13978
https://notcve.org/view.php?id=CVE-2020-13978
09 Jun 2020 — Monstra CMS 3.0.4 allows an attacker, who already has administrative access to modify .chunk.php files on the Edit Chunk screen, to execute arbitrary OS commands via the Theme Module by visiting the admin/index.php?id=themes&action=edit_chunk URI. NOTE: there is no indication that the Edit Chunk feature was intended to prevent an administrator from using PHP's exec feature ** EN DISPUTA ** Monstra CMS versión 3.0.4, permite a un atacante, que ya posee acceso administrativo para modificar archivos .chunk.php... • https://github.com/monstra-cms/monstra/issues/464 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 1CVE-2020-13384
https://notcve.org/view.php?id=CVE-2020-13384
22 May 2020 — Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames are not, a related issue to CVE-2017-18048. Monstra CMS versión 3.0.4, permite a usuarios autenticados remotos cargar y ejecutar código PHP arbitrario por medio de admin/index.php?Id=filesmanager porque, por ejemplo, los nombres de archivo .php están bloqueados pero los nombres de archivo .php7 no lo están, un pr... • https://www.exploit-db.com/exploits/48479 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-8439
https://notcve.org/view.php?id=CVE-2020-8439
07 Mar 2020 — Monstra CMS through 3.0.4 allows remote authenticated users to take over arbitrary user accounts via a modified login parameter to an edit URI, as demonstrated by login=victim to the users/21/edit URI. Monstra CMS versiones hasta 3.0.4, permite a usuarios autenticados remotos tomar el control de cuentas de usuario arbitrarias por medio de un parámetro login modificado en un URI edit, como es demostrado por login=victim en el URI users/21/edit • http://uploadboy.me/cn40ne6p89t6/POC.mp4.html • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19599
https://notcve.org/view.php?id=CVE-2018-19599
02 Mar 2020 — Monstra CMS 1.6 allows XSS via an uploaded SVG document to the admin/index.php?id=filesmanager&path=uploads/ URI. NOTE: this is a discontinued product. Monstra CMS versión 1.6, permite un ataque de tipo XSS por medio de un documento SVG cargado en el URI admin/index.php?id=filesmanager&path=uploads/. • https://anh.im/image/lG1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 5%CPEs: 1EXPL: 1CVE-2018-11227
https://notcve.org/view.php?id=CVE-2018-11227
03 Jul 2019 — Monstra CMS 3.0.4 and earlier has XSS via index.php. Monstra CMS 3.0.4 y versiones anteriores tiene Cross-Site Scripting (XSS) mediante index.php. • https://github.com/monstra-cms/monstra/issues • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2CVE-2018-17418
https://notcve.org/view.php?id=CVE-2018-17418
07 Mar 2019 — Monstra CMS 3.0.4 allows remote attackers to execute arbitrary PHP code via a mixed-case file extension, as demonstrated by the 123.PhP filename, because plugins\box\filesmanager\filesmanager.admin.php mishandles the forbidden_types variable. Monstra CMS, en su versión 3.0.4, permite a los atacantes remotos ejecutar código PHP arbitrario mediante una extensión de archivo en mayúsculas y minúsculas, tal y como queda demostrado con el nombre de archivo 123.PhP. Esto se debe a que plugins\box\filesmanager\file... • https://github.com/Jx0n0/monstra_cms-3.0.4--getshell • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18694
https://notcve.org/view.php?id=CVE-2018-18694
26 Oct 2018 — admin/index.php?id=filesmanager in Monstra CMS 3.0.4 allows remote authenticated administrators to trigger stored XSS via JavaScript content in a file whose name lacks an extension. Such a file is interpreted as text/html in certain cases. admin/index.php?id=filesmanager en Monstra CMS 3.0.4 permite que administradores autenticados remotos desencadenen Cross-Site Scripting (XSS) persistente mediante contenido JavaScript en un archivo cuyo nombre carece de extensión. En determinados casos, el archivo se inte... • https://github.com/monstra-cms/monstra/issues/459 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2018-16819
https://notcve.org/view.php?id=CVE-2018-16819
18 Sep 2018 — admin/index.php in Monstra CMS 3.0.4 allows arbitrary file deletion via id=filesmanager&path=uploads/.......//./.......//./&delete_file= requests. admin/index.php en Monstra CMS 3.0.4 permite la eliminación de archivos arbitrarios mediante peticiones id=filesmanagerpath=uploads/.......//./.......//./delete_file=. • http://blog.51cto.com/13770310/2173956 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2018-16820
https://notcve.org/view.php?id=CVE-2018-16820
18 Sep 2018 — admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory listing via id=filesmanager&path=uploads/.......//./.......//./ requests. admin/index.php en Monstra CMS 3.0.4 permite el listado de archivos mediante peticiones id=filesmanagerpath=uploads/.......//./.......//./. • http://blog.51cto.com/13770310/2173957 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-17025
https://notcve.org/view.php?id=CVE-2018-17025
13 Sep 2018 — admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an edit_page action for a page with no special role. admin index.php en Monstra CMS 3.0.4 permite Cross-Site Scripting (XSS) mediante el parámetro page_meta_title en una acción edit_page para una página sin un rol especial. • https://github.com/monstra-cms/monstra/issues/458 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •