Skip to main content

Monox

4 CVEs product

Monthly

CVE-2020-12471 CRITICAL POC Act Now

MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx because of deserialization in ModuleGallery.HTML5Upload,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Monox
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-12470 HIGH POC This Week

MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX template. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal RCE Information Disclosure Monox
NVD GitHub
CVSS 3.1
7.2
EPSS
1.7%
CVE-2020-12473 HIGH POC This Week

MonoX through 5.1.40.5152 allows admins to execute arbitrary programs by reconfiguring the Converter Executable setting from ffmpeg.exe to a different program. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Monox
NVD GitHub
CVSS 3.1
7.2
EPSS
1.4%
CVE-2020-12472 MEDIUM POC This Month

MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Monox
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx because of deserialization in ModuleGallery.HTML5Upload,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Monox
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX template. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal RCE Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

MonoX through 5.1.40.5152 allows admins to execute arbitrary programs by reconfiguring the Converter Executable setting from ffmpeg.exe to a different program. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Monox
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Monox
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy