Monstra CMS 3.0.4 allows malicious users to execute arbitrary code via a crafted payload entered into the "Snippet content" field under the "Edit Snippet" module.
monstra monstra cms 3.0.4