Xiaohuihui1113

**Name of the Vulnerable Software and Affected Versions** Monstra CMS version 3.0.4 **Description** The issue concerns arbitrary file deletion in Monstra CMS. An attacker can exploit this by sending a request to the "admin/index.php" endpoint with specific parameters, including `id`, `path`, and `delete file`. The `path` parameter can be manipulated using directory traversal characters (`../`) to target files outside the intended directory, and the `delete file` parameter is used to specify the file to be deleted. **Recommendations** For Monstra CMS version 3.0.4, consider restricting access to the "admin/index.php" endpoint, specifically the file deletion functionality, until a fix is available. As a temporary workaround, avoid using the `delete file` parameter in requests to the "admin/index.php" endpoint with `id=filesmanager`.

**Name of the Vulnerable Software and Affected Versions** Monstra CMS version 3.0.4 **Description** The issue allows for arbitrary directory listing. This can be achieved by sending a request to the "admin/index.php" endpoint with specific parameters, such as `id=filesmanager` and `path=uploads/.......//./.......//./`, which enables an attacker to list directories. **Recommendations** For Monstra CMS version 3.0.4, consider restricting access to the `filesmanager` id in the "admin/index.php" endpoint to minimize the risk of exploitation. Additionally, limit the `path` parameter to prevent directory traversal attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Monstra CMS version 3.0.4 **Description** The issue concerns the improper restriction of modified Snippet content. This is demonstrated through the "admin/index.php?id=snippets&action=edit snippet&filename=google-analytics" URI, which allows attackers to execute arbitrary PHP code by placing it after a <?php substring. **Recommendations** For Monstra CMS version 3.0.4, as a temporary workaround, consider restricting access to the `edit snippet` action in the `admin/index.php` file until a proper fix is available. Additionally, avoid using the `filename` parameter in the affected URI to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.