2 matches found
CVE-2018-16608
In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via an admin/index.php?id=users&action=edit&userid=1, Insecure Direct Object Reference IDOR...
CVE-2018-16608
Monstra CMS 3.0.4 is affected by an Insecure Direct Object Reference (IDOR) in admin/index.php?id=users&action=edit&user_id=1, allowing an attacker with Editor privileges to change the administrator password. The root cause is direct object reference exposure in the user-management endpoint, enab...