Arbitrary File Upload Vulnerability in Monstra CMS 3.0.4 Allows Remote Command Execution

Arbitrary File Upload Vulnerability in Monstra CMS 3.0.4 Allows Remote Command Execution

CVE-2017-18048 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not.

Learn more about our Cis Benchmark Audit For Server Software.