CVE-2018-16820 : admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory listing via id=f
CVE-2018-16820 : admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory listing via id=filesmanager&path=uploads/.......//./.......//./ requests.
www.cvedetails.com