Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames are not, a related issue to CVE-2017-18048.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
monstra monstra 3.0.4 |