Description
A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4 which allows remote attackers to execute arbitrary PHP code.
Scores
CVSS v3
9.8
EPSS
0.0157
EPSS Percentile
81.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-829
Status
published
Products (1)
monstra/monstra
3.0.4
Published
Jun 17, 2021
Tracked Since
Feb 18, 2026