← Back to CVE List

CVE-2018-16608

Published: 2018-09-10T13:29Z
Last Modified: 2024-11-21T03:53Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via an admin/index.php?id=users&action=edit&user_id=1, Insecure Direct Object Reference (IDOR). > MITRE Terms of Use apply – see LICENSE‑MITRE.txt