Show filters
34 Total Results
Displaying 31-34 of 34
Sort by:
Attacker Value
Unknown

CVE-2018-10118

Disclosure Date: April 16, 2018 (last updated November 26, 2024)
Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/index.php?id=pages URI, related to plugins/box/pages/pages.admin.php.
0
0
Attacker Value
Unknown

CVE-2018-9037

Disclosure Date: April 10, 2018 (last updated November 26, 2024)
Monstra CMS 3.0.4 allows remote code execution via an upload_file request for a .zip file, which is automatically extracted and may contain .php files.
0
0
Attacker Value
Unknown

CVE-2018-9038

Disclosure Date: April 10, 2018 (last updated November 26, 2024)
Monstra CMS 3.0.4 allows remote attackers to delete files via an admin/index.php?id=filesmanager&delete_dir=./&path=uploads/ request.
0
0
Attacker Value
Unknown

CVE-2017-18048

Disclosure Date: January 23, 2018 (last updated November 26, 2024)
Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not.
0
0
View More Topics  < Previous