EDB-49949
webappsphp
Monstra CMS 3.0.4 - Remote Code Execution (Authenticated)
CVE-2018-6383
Ron Jost6/4/2021
CVE-2018-6383
8.8HIGHMonstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Edi
Publicado: 1/29/2018Atualizado: 11/21/2024
Descrição
Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-18048.
Análise IADesenvolvido por IA
Produtos Afetados
monstramonstra
Exploits Disponíveis (1)
Referências
- http://packetstormsecurity.com/files/162968/Monstra-CMS-3.0.4-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- https://github.com/Hacker5preme/Exploits/tree/main/CVE-2018-6383-ExploitExploitThird Party Advisory
- https://github.com/monstra-cms/monstra/issues/429ExploitIssue TrackingThird Party Advisory
- http://packetstormsecurity.com/files/162968/Monstra-CMS-3.0.4-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- https://github.com/Hacker5preme/Exploits/tree/main/CVE-2018-6383-ExploitExploitThird Party Advisory
- https://github.com/monstra-cms/monstra/issues/429ExploitIssue TrackingThird Party Advisory