CVE-2020-8439
N/A
N/A
Summary
Monstra CMS through 3.0.4 allows remote authenticated users to take over arbitrary user accounts via a modified login parameter to an edit URI, as demonstrated by login=victim to the users/21/edit URI.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://uploadboy.me/cn40ne6p89t6/POC.mp4.html
- https://cert.ikiu.ac.ir/public-files/pages/attachments/11/02630f153869936d555a79f89d717f9c.pdf
References
- http://uploadboy.me/cn40ne6p89t6/POC.mp4.html
- https://cert.ikiu.ac.ir/public-files/pages/attachments/11/02630f153869936d555a79f89d717f9c.pdf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.