Session Management Issue in Monstra CMS 3.0.4: Password Change Does Not Invalidate Open Sessions

Session Management Issue in Monstra CMS 3.0.4: Password Change Does Not Invalidate Open Sessions

CVE-2018-11475 · MEDIUM Severity

AV:N/AC:M/AU:S/C:P/I:P/A:P

Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser.

Learn more about our Cms Pen Testing.