Vulnerabilities > Monstra > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-06 | CVE-2024-36774 | Unrestricted Upload of File with Dangerous Type vulnerability in Monstra 3.0.4 An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary code via uploading a crafted PHP file. | 7.2 |
| 2022-06-15 | CVE-2021-40940 | Unrestricted Upload of File with Dangerous Type vulnerability in Monstra Monstra 3.0.4 does not filter the case of php, which leads to an unrestricted file upload vulnerability. | 7.5 |
| 2021-10-28 | CVE-2021-36548 | Unrestricted Upload of File with Dangerous Type vulnerability in Monstra 3.0.4 A remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&action=edit_template&filename=blog of Monstra v3.0.4 allows attackers to execute arbitrary commands via a crafted PHP file. | 7.5 |
| 2021-06-17 | CVE-2020-25414 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Monstra 3.0.4 A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4 which allows remote attackers to execute arbitrary PHP code. | 7.5 |
| 2020-06-09 | CVE-2020-13978 | OS Command Injection vulnerability in Monstra CMS 3.0.4 Monstra CMS 3.0.4 allows an attacker, who already has administrative access to modify .chunk.php files on the Edit Chunk screen, to execute arbitrary OS commands via the Theme Module by visiting the admin/index.php?id=themes&action=edit_chunk URI. | 7.2 |