EDB-49949webappsphp

Monstra CMS 3.0.4 - Remote Code Execution (Authenticated)

Ron Jost6/4/2021

View on Exploit-DB View Source on GitLab

AI AnalysisPowered by AI

Exploit Code

Exploit code not available in database

View Source on GitLab

Related CVEs (1)

CVE-2018-6383

8.8HIGH

Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Edi

Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Edi...

1/29/2018CWE-184