CVE-2020-25985

HIGH

MonoCMS Blog 1.0 - Authenticated Arbitrary File Deletion

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-25985. PoCs published by Shahrukh Iqbal Mirza.

AI-analyzed exploit summary: The exploit demonstrates an authenticated arbitrary file deletion vulnerability via directory traversal in MonoCMS Blog 1.0, along with CSRF-based account takeover and hardcoded credential disclosure. The PoC provides clear steps for exploitation without obfuscation or deception.

Description

MonoCMS Blog 1.0 is affected by: Arbitrary File Deletion. Any authenticated user can delete files on and off the webserver (php files can be unlinked and not deleted).

Exploits (1)

exploitdb WORKING POC
by Shahrukh Iqbal Mirza · text · webapps · php
https://www.exploit-db.com/exploits/48848

Classification: Working PoC 90%
Attack Type: Info Leak | Auth Bypass | Other
Complexity: Trivial
Reliability: Reliable
Target: MonoCMS Blog 1.0
Auth required
Prerequisites: Authenticated access to MonoCMS Blog · Victim interaction for CSRF
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Product (x_refsource_misc): https://monocms.com/download
Exploit, Third Party Advisory, VDB Entry (x_refsource_misc): https://www.exploit-db.com/exploits/48848

Scores

CVSS v3 8.1
EPSS 0.0170
EPSS Percentile 74.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Details

CWE: CWE-22
Status: published
Products (1): monocms/monocms 1.0
Published: Oct 07, 2020
Tracked Since: Feb 18, 2026