5 matches found
CVE-2025-69906
Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to...
Code Execution Vulnerability in Monstra
Monstra is a lightweight content management system CMS. A code execution vulnerability exists in Monstra, which can be exploited by an attacker to gain control of a web server...
Monstra CMS Cross-Site Scripting Vulnerability (CNVD-2018-15388)
Monstra CMS is a lightweight PHP-based content management system CMS developed by Ukrainian software developer Sergey Romanenko. The system is easy to install and use, scalable and so on. A cross-site scripting vulnerability exists in the registry of Monstra CMS version 3.0.4, which stems from th...
Monstra CMS Cross-Site Scripting Vulnerability (CNVD-2018-08767)
Monstra CMS is a lightweight PHP-based content management system CMS developed by Ukrainian software developer Sergey Romanenko. The system is easy to install and use, scalable and so on. A cross-site scripting vulnerability exists in the plugins/box/pages/pages.admin.php file in Monstra CMS...
CVE-2018-9038
Monstra CMS 3.0.4 allows remote attackers to delete files via an admin/index.php?id=filesmanager&deletedir=./&path=uploads/ request...