A vulnerability, which was classified as critical, was found in Monstra CMS 3.0.4 (Content Management System). This affects an unknown code block of the file admin/index.php?id=users&action=edit&user_id=1 of the component Privileges. The manipulation with an unknown input leads to a credentials management vulnerability. CWE is classifying the issue as CWE-255. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:

In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via an admin/index.php?id=users&action=edit&user_id=1, Insecure Direct Object Reference (IDOR).

The bug was discovered 08/16/2018. The weakness was disclosed 09/10/2018 (Website). It is possible to read the advisory at github.com. This vulnerability is uniquely identified as CVE-2018-16608 since 09/06/2018. The exploitability is told to be easy. It is possible to initiate the attack remotely. The requirement for exploitation is a authentication. Technical details of the vulnerability are known, but there is no available exploit. The attack technique deployed by this issue is T1552 according to MITRE ATT&CK.

The vulnerability was handled as a non-public zero-day exploit for at least 25 days. During that time the estimated underground price was around $0-$5k.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The entry 123805 is pretty similar.

Productinfo

Type

• Content Management System

Vendor

• Monstra

Name

• CMS

Version

• 3.0.4

License

• open-source

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion