Vulnerabilities > Monstra > Monstra CMS > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-01 | CVE-2020-23219 | Code Injection vulnerability in Monstra CMS 3.0.4 Monstra CMS 3.0.4 allows attackers to execute arbitrary code via a crafted payload entered into the "Snippet content" field under the "Edit Snippet" module. | 8.8 |
| 2020-06-09 | CVE-2020-13978 | OS Command Injection vulnerability in Monstra CMS 3.0.4 Monstra CMS 3.0.4 allows an attacker, who already has administrative access to modify .chunk.php files on the Edit Chunk screen, to execute arbitrary OS commands via the Theme Module by visiting the admin/index.php?id=themes&action=edit_chunk URI. | 7.2 |