CVE-2017-18048

Name of the Vulnerable Software and Affected Versions: Monstra CMS version 3.0.4

Description: The issue allows users to upload arbitrary files, leading to remote command execution on the server. This is possible because the system blocks files with .php (lowercase) extensions but does not block files with .PHP (uppercase) extensions, allowing for potential exploitation.

Recommendations: For Monstra CMS version 3.0.4, consider restricting or disabling file upload functionality until a proper fix is available, and ensure that the system properly handles file extensions in a case-insensitive manner to prevent exploitation.