PT-2018-18800 · Monstra · Monstra Cms
Wenming Jiang · Published 2018-04-10 · Updated 2019-10-03 · CVE-2018-9038
CVSS v3.1: 6.5 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Monstra CMS version 3.0.4
Description
The issue allows remote attackers to delete files. This can be achieved by sending a request to the "admin/index.php" endpoint with specific parameters, including id set to "filesmanager", delete dir set to "./", and path set to "uploads/".
Recommendations
For Monstra CMS version 3.0.4, as a temporary workaround, consider restricting access to the "admin/index.php" endpoint, specifically the file manager functionality, until a patch is available. Avoid using the delete dir and path parameters in the affected endpoint until the issue is resolved.
Exploit
Fix
Path traversal
Weakness Enumeration
Related identifiers
Affected products
Monstra Cms