Lucene search
K

399 matches found

cnnvd
cnnvd
added 2024/06/07 12:0 a.m.4 views

Monstra CMS Security Vulnerability

Monstra CMS is a lightweight PHP-based content management system CMS by Sergey Romanenko, an individual developer in Ukraine. A security vulnerability exists in Monstra CMS version v3.0.4. The vulnerability is exploited by attackers to execute arbitrary web script or HTML via a specially crafted...

4.8CVSS6.7AI score0.00366EPSS
Exploits1References2
nvd
nvd
added 2024/06/06 10:15 p.m.24 views

CVE-2024-36775

A cross-site scripting XSS vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the About Me parameter in the Edit Profile page...

5.4CVSS0.00333EPSS
Exploits1References1
nvd
nvd
added 2024/06/06 10:15 p.m.21 views

CVE-2024-36774

An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary code via uploading a crafted PHP file...

8CVSS0.00722EPSS
Exploits1References1
cve
cve
added 2024/06/06 9:35 p.m.83 views

CVE-2024-36775

Monstra CMS 3.0.4 is affected by an XSS vulnerability in the Edit Profile page, where crafted payloads placed into the About Me field can execute arbitrary web scripts/HTML. The issue stems from reflecting or injecting content via the About Me parameter, enabling potential code execution in the c...

5.4CVSS5.9AI score0.00333EPSS
Exploits1References1Affected Software1
vulnrichment
vulnrichment
added 2024/06/06 9:35 p.m.14 views

CVE-2024-36775

A cross-site scripting XSS vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the About Me parameter in the Edit Profile page...

5.9AI score0.00333EPSS
Exploits1References1
osv
osv
added 2024/06/06 9:35 p.m.10 views

CVE-2024-36775

A cross-site scripting XSS vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the About Me parameter in the Edit Profile page...

4.7CVSS5.7AI score0.00333EPSS
Exploits1References3
cvelist
cvelist
added 2024/06/06 9:35 p.m.44 views

CVE-2024-36775

A cross-site scripting XSS vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the About Me parameter in the Edit Profile page...

0.00333EPSS
Exploits1References1
cvelist
cvelist
added 2024/06/06 9:33 p.m.23 views

CVE-2024-36774

An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary code via uploading a crafted PHP file...

0.00722EPSS
Exploits1References1
osv
osv
added 2024/06/06 9:33 p.m.16 views

CVE-2024-36774

An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary code via uploading a crafted PHP file...

8CVSS7.8AI score0.00722EPSS
Exploits1References3
cve
cve
added 2024/06/06 9:33 p.m.88 views

CVE-2024-36774

CVE-2024-36774 describes an arbitrary file upload vulnerability in Monstra CMS v3.0.4 that enables attackers to execute arbitrary PHP code by uploading a crafted PHP file. The issue targets the CMS itself and arises from an upload path that allows PHP payloads. Estimated impact per CVSS vectors i...

8CVSS8.1AI score0.00722EPSS
Exploits1References1Affected Software1
ptsecurity
ptsecurity
added 2024/06/06 12:0 a.m.18 views

PT-2024-27157 · Unknown · Monstra Cms

Name of the Vulnerable Software and Affected Versions: Monstra CMS version 3.0.4 Description: An arbitrary file upload issue allows attackers to execute arbitrary code via uploading a crafted PHP file. Recommendations: For Monstra CMS version 3.0.4, at the moment, there is no information about a...

8CVSS8AI score0.00722EPSS
Exploits1References6
cnnvd
cnnvd
added 2024/06/06 12:0 a.m.25 views

Monstra CMS Security Vulnerability

Monstra CMS is a lightweight PHP-based content management system CMS by Sergey Romanenko, an individual developer in Ukraine. A security vulnerability exists in Monstra CMS version v3.0.4. An attacker can exploit the vulnerability to execute arbitrary code by uploading specially crafted PHP files...

8CVSS7.7AI score0.00722EPSS
Exploits1References2
cnnvd
cnnvd
added 2024/06/06 12:0 a.m.6 views

Monstra CMS Security Vulnerability

Monstra CMS is a lightweight PHP-based content management system CMS by Sergey Romanenko, an individual developer in Ukraine. A security vulnerability exists in Monstra CMS version v3.0.4. An attacker can exploit the vulnerability to execute arbitrary web script or HTML via a specially crafted...

5.4CVSS6.7AI score0.00333EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2024/06/06 12:0 a.m.8 views

PT-2024-27158 · Unknown · Monstra Cms

Name of the Vulnerable Software and Affected Versions: Monstra CMS version 3.0.4 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the About Me parameter in the Edit Profile page. This could potentially affe...

5.4CVSS6.2AI score0.00333EPSS
Exploits1References6
zdt
zdt
added 2024/06/04 12:0 a.m.337 views

Monstra CMS 3.0.4 - Remote Code Execution Exploit

Exploit Title: Monstra CMS 3.0.4 - Remote Code Execution RCE Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://monstra.org/ Software Link: https://monstra.org/monstra-3.0.4.zip Version: 3.0.4 Tested on: MacOS import requests import random import string import time import re import sys if...

7.4AI score
Exploits0
packetstorm
packetstorm
added 2024/06/03 12:0 a.m.259 views

Monstra CMS 3.0.4 Remote Code Execution

Exploit Title: Monstra CMS 3.0.4 - Remote Code Execution RCE Date: 05.05.2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://monstra.org/ Software Link: https://monstra.org/monstra-3.0.4.zip Version: 3.0.4 Tested on: MacOS import requests import random import string import time import...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2024/06/03 12:0 a.m.316 views

Monstra CMS 3.0.4 - Remote Code Execution (RCE)

Exploit Title: Monstra CMS 3.0.4 - Remote Code Execution RCE Date: 05.05.2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://monstra.org/ Software Link: https://monstra.org/monstra-3.0.4.zip Version: 3.0.4 Tested on: MacOS import requests import random import string import time import...

7.4AI score
Exploits0
zdt
zdt
added 2023/06/17 12:0 a.m.291 views

Monstra 3.0.4 - Stored Cross-Site Scripting Vulnerability

Exploit Title: Monstra 3.0.4 - Stored Cross-Site Scripting XSS Exploit Author: tmrswrr Vendor Homepage: https://monstra.org/ Software Link: https://monstra.org/monstra-3.0.4.zip Version: 3.0.4 Tested : https://www.softaculous.com/softaculous/demos/Monstra --- Description --- 1 Login admin panel a...

7.1AI score
Exploits0
exploitdb
exploitdb
added 2023/06/14 12:0 a.m.322 views

Monstra 3.0.4 - Stored Cross-Site Scripting (XSS)

Exploit Title: Monstra 3.0.4 - Stored Cross-Site Scripting XSS Date: 2023-06-13 Exploit Author: tmrswrr Vendor Homepage: https://monstra.org/ Software Link: https://monstra.org/monstra-3.0.4.zip Version: 3.0.4 Tested : https://www.softaculous.com/softaculous/demos/Monstra --- Description --- 1...

7.4AI score
Exploits0
openvas
openvas
added 2022/08/09 12:0 a.m.20 views

Monstra CMS <= 3.0.4 RCE Vulnerability (Jul 2021)

Monstra CMS is prone to a remote code execution RCE vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

9.8CVSS9.9AI score0.03204EPSS
Exploits1References1
Rows per page
Query Builder