Vulnerabilities > Monstra > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-15 | CVE-2021-40940 | Unrestricted Upload of File with Dangerous Type vulnerability in Monstra Monstra 3.0.4 does not filter the case of php, which leads to an unrestricted file upload vulnerability. | 9.8 |
| 2021-10-28 | CVE-2021-36548 | Unrestricted Upload of File with Dangerous Type vulnerability in Monstra 3.0.4 A remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&action=edit_template&filename=blog of Monstra v3.0.4 allows attackers to execute arbitrary commands via a crafted PHP file. | 9.8 |
| 2021-06-17 | CVE-2020-25414 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Monstra 3.0.4 A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4 which allows remote attackers to execute arbitrary PHP code. | 9.8 |
| 2018-06-05 | CVE-2018-11678 | Improper Input Validation vulnerability in Monstra CMS 3.0.4 plugins/box/users/users.plugin.php in Monstra CMS 3.0.4 allows Login Rate Limiting Bypass via manipulation of the login_attempts cookie. | 9.8 |