An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows malicious users to execute arbitrary code via uploading a crafted PHP file.