CVE-2020-20691

MEDIUM

Monstra Cms - Unrestricted File Upload

Title source: rule
STIX 2.1

Description

An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files.

References (1)

Core 1
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/monstra-cms/monstra/issues/461

Scores

CVSS v3 6.5
EPSS 0.0023
EPSS Percentile 45.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

CWE
CWE-434
Status published
Products (1)
monstra/monstra_cms 3.0.4
Published Sep 27, 2021
Tracked Since Feb 18, 2026