← volver
CVE-2017-18048

CVE-2017-18048

EPSS 63.9%
Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://blogs.securiteam.com/index.php/archives/3559https://github.com/monstra-cms/monstra/issues/426https://securityprince.blogspot.in/2017/12/monstra-cms-304-arbitrary-file-upload.htmlhttps://www.exploit-db.com/exploits/43348/