CVE-2025-7060

Name of the Vulnerable Software and Affected Versions: Monitorr versions up to 1.7.6m

Description: A vulnerability was found in Monitorr, affecting an unknown part of the file assets/config/ installation/mkdbajax.php of the component Installer. The manipulation of the datadir argument leads to improper input validation. It is possible to initiate the attack remotely. The complexity of an attack is rather high, and the exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.

Recommendations: For versions up to 1.7.6m, as a temporary workaround, consider restricting access to the mkdbajax.php file until a patch is available. Additionally, avoid using the datadir argument in the affected Installer component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.