EDB-49949
webappsphp
Monstra CMS 3.0.4 - Remote Code Execution (Authenticated)
CVE-2018-6383
Ron Jost6/4/2021
CVE-2018-6383
8.8HIGHMonstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Edi
Опубликовано: 1/29/2018Обновлено: 11/21/2024
Описание
Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-18048.
ИИ-АнализНа базе ИИ
Затронутые продукты
monstramonstra
Доступные эксплойты (1)
Ссылки
- http://packetstormsecurity.com/files/162968/Monstra-CMS-3.0.4-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- https://github.com/Hacker5preme/Exploits/tree/main/CVE-2018-6383-ExploitExploitThird Party Advisory
- https://github.com/monstra-cms/monstra/issues/429ExploitIssue TrackingThird Party Advisory
- http://packetstormsecurity.com/files/162968/Monstra-CMS-3.0.4-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- https://github.com/Hacker5preme/Exploits/tree/main/CVE-2018-6383-ExploitExploitThird Party Advisory
- https://github.com/monstra-cms/monstra/issues/429ExploitIssue TrackingThird Party Advisory