24 matches found
CVE-2025-69906
Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to...
CVE-2025-69906
Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to...
CVE-2025-69906
CVE-2025-69906 affects Monstra CMS v3.0.4, specifically the Files Manager plugin. The vulnerability arises from blacklist-based file extension validation and storing uploaded files in a web-accessible directory, enabling remote code execution when uploaded files are interpreted as executable code...
CVE-2025-69906
Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to...
PT-2026-6595
Name of the Vulnerable Software and Affected Versions Monstra CMS version 3.0.4 Description Monstra CMS version 3.0.4’s Files Manager plugin has an issue where arbitrary files can be uploaded. The application uses a blacklist to validate file extensions and stores uploaded files in a directory...
CVE-2025-69906
Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to...
EUVD-2025-206862
Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to...
Monstra CMS 安全漏洞
Monstra CMS is a lightweight content management system CMS developed by Sergey Romanenko from Ukraine using PHP. Version 3.0.4 of Monstra CMS has a security vulnerability. This vulnerability stems from the Files Manager plugin, which allows arbitrary file uploads. The application relies on...
CVE-2025-69906
Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to...
Exploit for CVE-2025-69906
make it a readme.md to paste into it CVE-2025-69906: Monstra...
EUVD-2025-30327
Malicious code in bioql PyPI...
CVE-2025-56869
Directory traversal vulnerability in Sync In server thru 1.1.1 allowing authenticated attackers to gain read and write access to the system via FilesManager.saveMultipart function in backend/src/applications/files/services/files-manager.service.ts, and FilesManager.compress function in...
CVE-2025-56869
Directory traversal vulnerability in Sync In server thru 1.1.1 allowing authenticated attackers to gain read and write access to the system via FilesManager.saveMultipart function in backend/src/applications/files/services/files-manager.service.ts, and FilesManager.compress function in...
CVE-2025-56869
Directory traversal vulnerability in Sync In server thru 1.1.1 allowing authenticated attackers to gain read and write access to the system via FilesManager.saveMultipart function in backend/src/applications/files/services/files-manager.service.ts, and FilesManager.compress function in...
CVE-2025-56869
Directory traversal vulnerability in Sync In server thru 1.1.1 allowing authenticated attackers to gain read and write access to the system via FilesManager.saveMultipart function in backend/src/applications/files/services/files-manager.service.ts, and FilesManager.compress function in...
Sync in 安全漏洞
Sync in is a server synchronization platform from Sync-in open source. A security vulnerability exists in Sync in 1.1.1 and earlier versions, which stems from a directory traversal issue in the FilesManager.saveMultipart and FilesManager.compress functions that could allow an authenticated attack...
PT-2025-38583
Name of the Vulnerable Software and Affected Versions Sync In versions through 1.1.1 Description A directory traversal issue exists in Sync In server. Authenticated attackers can achieve read and write access to the system through the FilesManager.saveMultipart function located in...
CVE-2025-56869
Directory traversal vulnerability in Sync In server thru 1.1.1 allowing authenticated attackers to gain read and write access to the system via FilesManager.saveMultipart function in backend/src/applications/files/services/files-manager.service.ts, and FilesManager.compress function in...
Path Traversal via Files Manager
Description Please enter a description of the vulnerability. Steps to reproduce 1.Login to admin panel and go to Modules - Files http://localhost/microweber/admin/view:modules/loadmodule:files 2.Click any file, the url will have the following format:...
CVE-2018-19599
Monstra CMS 1.6 allows XSS via an uploaded SVG document to the admin/index.php?id=filesmanager&path=uploads/ URI. NOTE: this is a discontinued product...