CVE-2018-11475

Name of the Vulnerable Software and Affected Versions Monstra CMS version 3.0.4

Description The issue concerns a session management problem in the Users tab. Specifically, changing a password at the "users/1/edit" endpoint does not invalidate an open session in a different browser.

Recommendations For Monstra CMS version 3.0.4, as a temporary workaround, consider implementing a mechanism to invalidate all active sessions when a user's password is changed. Restrict access to the "users/1/edit" endpoint until a proper fix is applied to ensure session invalidation upon password change.