Vulnerability Details CVE-2017-18048
Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.776
EPSS Ranking 98.9%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- https://blogs.securiteam.com/index.php/archives/3559
- https://github.com/monstra-cms/monstra/issues/426
- https://securityprince.blogspot.in/2017/12/monstra-cms-304-arbitrary-file-upload.html
- https://www.exploit-db.com/exploits/43348/
- https://blogs.securiteam.com/index.php/archives/3559
- https://github.com/monstra-cms/monstra/issues/426
- https://securityprince.blogspot.in/2017/12/monstra-cms-304-arbitrary-file-upload.html
- https://www.exploit-db.com/exploits/43348/