Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames are not, a related issue to CVE-2017-18048.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HMonstra
APPMonstra3.0.4
Powiązane podatności
Monstra 3.0.4 does not filter the case of php, which leads to an unrestricted file upload vulnerability.
A remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&action=edit_template&f...
A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4 which allows remo...
An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary code via up...
Monstra CMS 3.0.4 allows remote attackers to execute arbitrary PHP code via a mixed-case file extension, as de...