CVE-2018-16820
Monstra CMS 3.0.4 is affected by a directory-traversal in admin/index.php, exploitable via id=filesmanager&path=uploads/… requests to list arbitrary directories. Root cause is improper handling of the path parameter that enables traversal. Impact per NVD: High (CVSSv3 7.5) for confidentiality los...