3 matches found
CVE-2018-11678
plugins/box/users/users.plugin.php in Monstra CMS 3.0.4 allows Login Rate Limiting Bypass via manipulation of the loginattempts cookie...
CVE-2018-11678
plugins/box/users/users.plugin.php in Monstra CMS 3.0.4 allows Login Rate Limiting Bypass via manipulation of the loginattempts cookie...
CVE-2018-11678
Monstra CMS 3.0.4 is affected: the plugin file plugins/box/users/users.plugin.php allows a Login Rate Limiting Bypass by manipulating the login_attempts cookie. Root cause: bypasses brute-force protection in the login form. Impact per sources is high; CVSSv3 indicates CRITICAL with network access...