📦 Monstra

Monstra CMS 3.0.4 has an unrestricted file upload vulnerability due to insufficient filtering of PHP file extensions. Attackers can upload malicious PHP files to execute arbitrary code on the server. ...

This vulnerability allows remote attackers to execute arbitrary PHP code through a local file inclusion flaw in Monstra CMS's captcha function. Attackers can potentially take full control of affected ...

This cross-site scripting (XSS) vulnerability in Monstra CMS allows attackers to inject malicious scripts into the Themes parameter, which could lead to session hijacking, defacement, or credential th...

This cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to inject malicious scripts into the 'About Me' field of user profiles. When other users view these profiles, the s...