Monstra · Monstra Cms · CVE-2017-18048
Name of the Vulnerable Software and Affected Versions:
Monstra CMS version 3.0.4
Description:
The issue allows users to upload arbitrary files, leading to remote command execution on the server. This is possible because the upload filter blocks files with a `.php` (lowercase) extension but does not block files with a `.PHP` (uppercase) extension: the extension check is an exact, case-sensitive string match against a blocklist, so a variant spelling of the same extension passes the filter.
Recommendations:
For Monstra CMS version 3.0.4, consider restricting or disabling file upload functionality until a proper fix is available, and ensure that the system properly handles file extensions in a case-insensitive manner to prevent exploitation.
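As an added illustration of the flaw described above and its fix (example code, not Monstra's own), the following Python shows the case-sensitive blocklist pattern next to a hardened validator that lowercases the extension, compares it against an allowlist, checks every dotted segment, and lets the server choose the stored filename; the extension sets are constructed for the example.

```python
import os
import secrets
from typing import Optional

# Constructed to mirror the advisory: a blocklist that only knows the
# lowercase spelling of the blocked extension.
BLOCKED_EXTENSIONS = {".php"}

# Constructed allowlist for an image/document upload endpoint.
ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".txt"}


def weak_upload_allowed(filename: str) -> bool:
    """The flawed pattern: exact-match blocklist on the final extension.

    os.path.splitext preserves the extension's case, so only the exact
    lowercase spelling ever matches the blocklist.
    """
    _, ext = os.path.splitext(filename)
    return ext not in BLOCKED_EXTENSIONS


def hardened_upload_allowed(filename: str) -> bool:
    """Case-insensitive allowlist applied to every dotted segment.

    Lowercasing closes the case-variant gap; an allowlist rejects by default
    anything the filter author did not think of; checking every segment
    rejects names whose last extension is harmless but an earlier one is not.
    """
    # Strip client-supplied path components (either separator style).
    name = os.path.basename(filename.replace("\\", "/"))
    parts = name.split(".")
    if len(parts) < 2 or not parts[0]:
        return False  # no extension, or a dotfile: reject rather than guess
    return all("." + seg.lower() in ALLOWED_EXTENSIONS for seg in parts[1:])


def stored_name(filename: str) -> Optional[str]:
    """Server-chosen name: random token plus the validated, lowercased extension.

    The client's filename never reaches the filesystem, so its case, path
    separators and extra dots cannot influence where or how the file is stored.
    """
    if not hardened_upload_allowed(filename):
        return None
    ext = os.path.splitext(filename)[1].lower()
    return secrets.token_hex(16) + ext
```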