Session Management Issue in Monstra CMS 3.0.4: Password Change Does Not Invalidate Open Sessions


CVE-2018-11474 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at admin/index.php?id=users&action=edit&user_id=1 does not invalidate a session that is open in a different browser.
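
One way to close the gap described above, as an added example that is not Monstra's code: every session is bound at login to a per-user credential epoch, and a password change bumps that epoch so sessions open in other browsers fail the per-request check. The `SessionGuard` class, the `epoch` field and the in-memory stores are assumptions made for illustration.

```php
<?php
// In-memory stand-ins for the user table and session store; hypothetical names, not Monstra code.
final class SessionGuard
{
    private array $users = [];    // user_id => ['hash' => string, 'epoch' => int]
    private array $sessions = []; // session id => ['user_id' => int, 'epoch' => int]
    public function addUser(int $id, string $password): void
    {
        $this->users[$id] = ['hash' => password_hash($password, PASSWORD_DEFAULT), 'epoch' => 1];
    }

    // Login binds the new session to the user's current credential epoch.
    public function login(int $id, string $password): ?string
    {
        $user = $this->users[$id] ?? null;
        return ($user !== null && password_verify($password, $user['hash'])) ? $this->issue($id) : null;
    }

    // Run on every request: a session issued under an older epoch is rejected.
    public function isValid(string $sid): bool
    {
        $s = $this->sessions[$sid] ?? null;
        return $s !== null && $s['epoch'] === ($this->users[$s['user_id']]['epoch'] ?? null);
    }

    // Bumping the epoch invalidates every other session; the caller gets a fresh id.
    public function changePassword(string $sid, string $newPassword): ?string
    {
        if (!$this->isValid($sid)) { return null; }
        $id = $this->sessions[$sid]['user_id'];
        $this->users[$id]['hash'] = password_hash($newPassword, PASSWORD_DEFAULT);
        $this->users[$id]['epoch']++;
        unset($this->sessions[$sid]);
        return $this->issue($id);
    }
    private function issue(int $id): string
    {
        $sid = bin2hex(random_bytes(16));
        $this->sessions[$sid] = ['user_id' => $id, 'epoch' => $this->users[$id]['epoch']];
        return $sid;
    }
}
// Constructed scenario: the same administrator is logged in from two browsers.
$g = new SessionGuard();
$g->addUser(1, 'old-pass');
[$a, $b] = [$g->login(1, 'old-pass'), $g->login(1, 'old-pass')];
$a = $g->changePassword($a, 'new-pass');
var_dump($g->isValid($a), $g->isValid($b)); // changing browser first, other browser second
```

With PHP's native session handler the same check can compare an epoch stored in `$_SESSION` against the user record on each request, with `session_regenerate_id(true)` rotating the id of the browser that made the change.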
