CVE-2018-11474
Monstra CMS 3.0.4 is affected by a Session Management Issue in the Administrations Tab (admin/index.php?id=users&action=edit&user_id=1). According to CVE-2018-11474, changing a user password does not invalidate an active session from another browser, enabling an existing session to remain authent...