CVE-2020-13978

Monstra CMS 3.0.4 allows an attacker, who already has administrative access to modify .chunk.php files on the Edit Chunk screen, to execute arbitrary OS commands via the Theme Module by visiting the admin/index.php?id=themes=editchunk URI. NOTE: there is no indication that the Edit Chunk feature...

CVE-2020-13978

Monstra CMS 3.0.4 allows an attacker, who already has administrative access to modify .chunk.php files on the Edit Chunk screen, to execute arbitrary OS commands via the Theme Module by visiting the admin/index.php?id=themes&action=editchunk URI. NOTE: there is no indication that the Edit Chunk...

Design/Logic Flaw

Monstra CMS 3.0.4 allows an attacker, who already has administrative access to modify .chunk.php files on the Edit Chunk screen, to execute arbitrary OS commands via the Theme Module by visiting the admin/index.php?id=themes&action=editchunk URI. NOTE: there is no indication that the Edit Chunk...

CVE-2020-13978

Monstra CMS 3.0.4 allows an attacker, who already has administrative access to modify .chunk.php files on the Edit Chunk screen, to execute arbitrary OS commands via the Theme Module by visiting the admin/index.php?id=themes&action=editchunk URI. NOTE: there is no indication that the Edit Chunk...

CVE-2020-13978

Monstra CMS 3.0.4 is affected by a command-injection style issue: an attacker with existing administrative access can modify .chunk.php files via the Edit Chunk screen and trigger arbitrary OS commands through the Theme Module by visiting admin/index.php?id=themes&action=edit_chunk. The Red Hat/R...

PT-2020-13814 · Monstra · Monstra Cms

Name of the Vulnerable Software and Affected Versions: Monstra CMS version 3.0.4 Description: The issue allows an attacker with administrative access to execute arbitrary OS commands via the Theme Module by visiting the "admin/index.php?id=themes&action=edit chunk" URI. This is achieved by...