Vulnerabilities > CVE-2020-28672 - Unspecified vulnerability in Monocms 1.0

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

monocms

NVD

Published: 2021-01-07

Updated: 2021-01-12

Summary

MonoCMS Blog 1.0 is affected by incorrect access control that can lead to remote arbitrary code execution. At monofiles/category.php:27, user input can be saved to category/[foldername]/index.php causing RCE.

Vulnerable Configurations

Part	Description	Count
Application	Monocms Monocms Monocms 1.0	1

References

https://github.com/fortest-1/vuln/blob/main/MonoCMS%20Blog/MonoCMS%20Blog%201.0_remote_code_execution.md