Vulnerabilities > CVE-2018-16608 - Authorization Bypass Through User-Controlled Key vulnerability in Monstra 3.0.4

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

monstra

CWE-639

NVD

Published: 2018-09-10

Updated: 2019-10-03

Summary

In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via an admin/index.php?id=users&action=edit&user_id=1, Insecure Direct Object Reference (IDOR).

Vulnerable Configurations

Part	Description	Count
Application	Monstra Monstra Monstra 3.0.4	1

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

References

https://github.com/monstra-cms/monstra/issues/453