Skip to main content

Monstra CVE-2014-9006

MEDIUM
Credentials Management Errors (CWE-255)
2014-11-20 cve@mitre.org
5.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 20, 2014 - 13:55 cve.org
MEDIUM 5.0

DescriptionCVE.org

Monstra 3.0.1 and earlier uses a cookie to track how many login attempts have been attempted, which allows remote attackers to conduct brute force login attacks by deleting the login_attempts cookie or setting it to certain values.

AnalysisAI

Monstra 3.0.1 and earlier uses a cookie to track how many login attempts have been attempted, which allows remote attackers to conduct brute force login attacks by deleting the login_attempts cookie. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-255. Monstra 3.0.1 and earlier uses a cookie to track how many login attempts have been attempted, which allows remote attackers to conduct brute force login attacks by deleting the login_attempts cookie or setting it to certain values. Affected products include: Monstra.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-36548 CRITICAL POC
9.8 Oct 28

A remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&action=edit_template&filename=bl

CVE-2020-13384 HIGH POC
8.8 May 22

Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=file

CVE-2018-16608 HIGH POC
8.8 Sep 10

In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via an admin/ind

CVE-2018-9037 HIGH POC
8.8 Apr 10

Monstra CMS 3.0.4 allows remote code execution via an upload_file request for a .zip file, which is automatically extrac

CVE-2018-6383 HIGH POC
8.8 Jan 29

Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but

CVE-2018-16820 HIGH POC
7.5 Sep 18

admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory listing via id=filesmanager&path=uploads/.......//./....

CVE-2024-36774 HIGH POC
7.2 Jun 06

An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary code via uploading a

CVE-2018-15886 HIGH POC
7.2 Sep 10

Monstra CMS 3.0.4 does not properly restrict modified Snippet content, as demonstrated by the admin/index.php?id=snippet

CVE-2020-8439 MEDIUM POC
6.5 Mar 07

Monstra CMS through 3.0.4 allows remote authenticated users to take over arbitrary user accounts via a modified login pa

CVE-2018-9038 MEDIUM POC
6.5 Apr 10

Monstra CMS 3.0.4 allows remote attackers to delete files via an admin/index.php?id=filesmanager&delete_dir=./&path=uplo

CVE-2018-17025 MEDIUM POC
6.1 Sep 13

admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an edit_page action for a page with

CVE-2018-16979 MEDIUM POC
6.1 Sep 12

Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related i

Share

CVE-2014-9006 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy