EDB-49949
webappsphp
Monstra CMS 3.0.4 - Remote Code Execution (Authenticated)
CVE-2018-6383
Ron Jost6/4/2021
CVE-2018-6383
8.8HIGHMonstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Edi
게시됨: 1/29/2018업데이트됨: 11/21/2024
설명
Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-18048.
AI 분석AI 기반
영향받는 제품
monstramonstra
사용 가능한 익스플로잇 (1)
참조
- http://packetstormsecurity.com/files/162968/Monstra-CMS-3.0.4-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- https://github.com/Hacker5preme/Exploits/tree/main/CVE-2018-6383-ExploitExploitThird Party Advisory
- https://github.com/monstra-cms/monstra/issues/429ExploitIssue TrackingThird Party Advisory
- http://packetstormsecurity.com/files/162968/Monstra-CMS-3.0.4-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- https://github.com/Hacker5preme/Exploits/tree/main/CVE-2018-6383-ExploitExploitThird Party Advisory
- https://github.com/monstra-cms/monstra/issues/429ExploitIssue TrackingThird Party Advisory