Monstra: Security Vulnerabilities
Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not.
CVSS Score
8.8
EPSS Score
0.77
Published
2018-01-23
Monstra 3.0.1 and earlier uses a cookie to track how many login attempts have been attempted, which allows remote attackers to conduct brute force login attacks by deleting the login_attempts cookie or setting it to certain values.
CVSS Score
5.0
EPSS Score
0.003
Published
2014-11-20
Page 5