PT-2021-10531 · Unknown · Monstra Cms

Yaoyao6688

Published

2021-09-27

Updated

2021-10-08

CVE-2020-20691

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Monstra CMS version 3.0.4

Description: An issue in Monstra CMS allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files.

Recommendations: For Monstra CMS version 3.0.4, update to a version that fixes the file extension filter bypass issue to prevent arbitrary web script or HTML execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2020-20691

Affected Products

Monstra Cms

PT-2021-10531 · Unknown · Monstra Cms

CVE-2020-20691

Weakness Enumeration

Related Identifiers

Affected Products

References · 6