Vulnerabilities > CVE-2020-28672 - Unspecified vulnerability in Monocms 1.0

CVSS 9.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

monocms

critical

NVD

Published: 2021-01-07

Updated: 2021-01-12

Summary

MonoCMS Blog 1.0 is affected by incorrect access control that can lead to remote arbitrary code execution. At monofiles/category.php:27, user input can be saved to category/[foldername]/index.php causing RCE.

Vulnerable Configurations

Part	Description	Count
Application	Monocms Monocms Monocms 1.0	1

References

https://github.com/fortest-1/vuln/blob/main/MonoCMS%20Blog/MonoCMS%20Blog%201.0_remote_code_execution.md