Shodan
Vulnerabilities
Vulnerable Software
Monstra:  Security Vulnerabilities
CVE-2025-69906
Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to upload files that are interpreted as executable code, resulting in remote code execution.
CVSS Score
8.8
EPSS Score
0.001
Published
2026-02-05
CVE-2024-36773
A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Themes parameter at index.php.
CVSS Score
4.8
EPSS Score
0.001
Published
2024-06-07
CVE-2024-36774
An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVSS Score
7.2
EPSS Score
0.001
Published
2024-06-06
CVE-2024-36775
A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the About Me parameter in the Edit Profile page.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-06-06
CVE-2021-40940
Monstra 3.0.4 does not filter the case of php, which leads to an unrestricted file upload vulnerability.
CVSS Score
9.8
EPSS Score
0.01
Published
2022-06-15
CVE-2021-36548
A remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&action=edit_template&filename=blog of Monstra v3.0.4 allows attackers to execute arbitrary commands via a crafted PHP file.
CVSS Score
9.8
EPSS Score
0.178
Published
2021-10-28
CVE-2020-20691
An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-09-27
CVE-2020-23697
Cross Site Scripting vulnerabilty in Monstra CMS 3.0.4 via the page feature in admin/index.php.
CVSS Score
5.4
EPSS Score
0.264
Published
2021-07-06
CVE-2020-23219
Monstra CMS 3.0.4 allows attackers to execute arbitrary code via a crafted payload entered into the "Snippet content" field under the "Edit Snippet" module.
CVSS Score
8.8
EPSS Score
0.01
Published
2021-07-01
CVE-2020-23205
A stored cross site scripting (XSS) vulnerability in Monstra CMS version 3.0.4 allows attackers to execute arbitrary web scripts or HTML via crafted a payload entered into the "Site Name" field under the "Site Settings" module.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved