Filtered by vendor Monstra
Subscribe
Total
42 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18048 | 1 Monstra | 1 Monstra | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not. | |||||
| CVE-2014-9006 | 1 Monstra | 1 Monstra | 2024-11-21 | 5.0 MEDIUM | N/A |
| Monstra 3.0.1 and earlier uses a cookie to track how many login attempts have been attempted, which allows remote attackers to conduct brute force login attacks by deleting the login_attempts cookie or setting it to certain values. | |||||