CVE-2024-10928
- EPSS 0.19%
- Veröffentlicht 06.11.2024 23:15:04
- Zuletzt bearbeitet 22.11.2024 19:10:19
A vulnerability was found in MonoCMS up to 20240528. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /monofiles/opensaved.php of the component Posts Page. The manipulation of the argument fi...
CVE-2024-10927
- EPSS 0.19%
- Veröffentlicht 06.11.2024 23:15:03
- Zuletzt bearbeitet 22.11.2024 19:14:48
A vulnerability was found in MonoCMS up to 20240528. It has been classified as problematic. Affected is an unknown function of the file /monofiles/account.php of the component Account Information Page. The manipulation of the argument userid leads to...
- EPSS 5.87%
- Veröffentlicht 07.01.2021 15:15:14
- Zuletzt bearbeitet 21.11.2024 05:23:07
MonoCMS Blog 1.0 is affected by incorrect access control that can lead to remote arbitrary code execution. At monofiles/category.php:27, user input can be saved to category/[foldername]/index.php causing RCE.
CVE-2020-25985
- EPSS 3.57%
- Veröffentlicht 07.10.2020 12:15:11
- Zuletzt bearbeitet 21.11.2024 05:19:01
MonoCMS Blog 1.0 is affected by: Arbitrary File Deletion. Any authenticated user can delete files on and off the webserver (php files can be unlinked and not deleted).
CVE-2020-25986
- EPSS 0.12%
- Veröffentlicht 06.10.2020 13:15:13
- Zuletzt bearbeitet 21.11.2024 05:19:01
A Cross Site Request Forgery (CSRF) vulnerability in MonoCMS Blog 1.0 allows attackers to change the password of a user.
CVE-2020-25987
- EPSS 0.31%
- Veröffentlicht 06.10.2020 13:15:13
- Zuletzt bearbeitet 21.11.2024 05:19:02
MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml file in the source files for MonoCMS Blog. Hash type is bcrypt and hashcat mode 3200 can be used to crack the hash.