CVE-2020-25987

Published: Oct 6, 2020Modified: Jun 17, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml file in the source files for MonoCMS Blog. Hash type is bcrypt and hashcat mode 3200 can be used to crack the hash.

Affected (1)

Products: Monocms: Monocms

Monocms

1 product

Monocms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Monocms Monocms	Version 1.0

Related CWEs

CWE-532

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (4)

http://packetstormsecurity.com/files/159430/MonoCMS-Blog-1.0-File-Deletion-CSRF-Hardcoded-Credentials.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://monocms.com/download

Source: cve@mitre.org

ProductVendor Advisory

http://packetstormsecurity.com/files/159430/MonoCMS-Blog-1.0-File-Deletion-CSRF-Hardcoded-Credentials.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://monocms.com/download

Source: af854a3a-2127-422b-91ae-364da2661108

ProductVendor Advisory

Timeline

No history available yet.