CVE-2018-16608 - Authorization Bypass Through User-Controlled Key vulnerability in Monstra 3.0.4
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: SINGLE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
Summary
In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via an Insecure Direct Object Reference (IDOR) in admin/index.php?id=users&action=edit&user_id=1.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |