CVE-2018-6383

Name of the Vulnerable Software and Affected Versions Monstra CMS versions prior to 3.0.5

Description The issue is related to an incomplete list of forbidden file types, allowing remote authenticated Admins or Editors to execute arbitrary PHP code by uploading files with certain extensions, such as .pht or .phar.

Recommendations For Monstra CMS versions prior to 3.0.5, update to version 3.0.5 or later to resolve the issue. As a temporary workaround, consider restricting file uploads to only necessary extensions and disabling the ability for Admins or Editors to upload files with .pht or .phar extensions.