← back
CVE-2017-18048

CVE-2017-18048

EPSS 63.9%
Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://blogs.securiteam.com/index.php/archives/3559https://github.com/monstra-cms/monstra/issues/426https://securityprince.blogspot.in/2017/12/monstra-cms-304-arbitrary-file-upload.htmlhttps://www.exploit-db.com/exploits/43348/