PT-2022-11339 · Monstra · Monstra

Wuhuaviator · Published 2022-06-15 · Updated 2022-06-24 · CVE-2021-40940

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Monstra version 3.0.4

Description

The issue is an unrestricted file upload vulnerability. It occurs because Monstra's upload filtering does not account for the letter case of the php extension, which allows potentially malicious files to be uploaded.

Recommendations

For Monstra version 3.0.4, consider restricting or disabling file upload functionality until a proper fix is implemented that filters and validates uploaded files, especially those with php extensions.
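
The case-handling flaw described above, shown as an added example (not Monstra's code): a case-sensitive extension blocklist next to a check that lowercases the extension and matches it against an allowlist. The function names, both lists and the sample filenames are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical helpers, not taken from Monstra.

const BLOCKED = ['php'];                                  // assumed blocklist
const ALLOWED = ['jpg', 'jpeg', 'png', 'gif', 'txt'];     // assumed allowlist

// Weak pattern: the extension is compared as typed, so any
// spelling that differs only in case is not matched by the blocklist.
function blocklist_case_sensitive(string $filename): bool
{
    $ext = pathinfo($filename, PATHINFO_EXTENSION);
    return !in_array($ext, BLOCKED, true);
}

// Hardened pattern: strip trailing dots and spaces, lowercase the
// extension, and accept only extensions that are explicitly allowed.
// Files without an extension are rejected.
function allowlist_case_insensitive(string $filename): bool
{
    $name = rtrim(basename($filename), ". ");
    $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return $ext !== '' && in_array($ext, ALLOWED, true);
}

// Constructed sample filenames.
$samples = ['photo.jpg', 'photo.JPG', 'page.php', 'page.PHP', 'page.pHp', 'README'];

foreach ($samples as $f) {
    printf(
        "%-10s blocklist=%-6s allowlist=%s\n",
        $f,
        blocklist_case_sensitive($f) ? 'accept' : 'reject',
        allowlist_case_insensitive($f) ? 'accept' : 'reject'
    );
}
```

Extension checks are only one layer; storing uploads outside the web root or in a directory where the server does not execute scripts limits the impact if a check is bypassed.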

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2021-40940

Affected Products

Monstra