10 matches found
EUVD-2020-5642
Malware in sbrugna...
CVE-2020-13384
Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames are not, a related issue to CVE-2017-18048...
Sql injection
Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames are not, a related issue to CVE-2017-18048...
MonstraCMS Authenticated Arbitrary File Upload Exploit
Monstra CMS 3.0.4 allows users to upload arbitrary files which leads to remote command execution on the remote server. An attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This Metasploit module was tested against Monstra CMS 3.0.4. Th...
Monstra CMS Authenticated Arbitrary File Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Monstra CMS Authenticated Arbitrary File Upload', 'Description' = %q MonstraCMS 3.0.4 allows users to upload Arbitrary files which leads to remot...
CVE-2017-18048
creationtimestamp| type| source ---|---|--- 2018-07-10 19:43:02+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/monstrafileuploadexec.rb 2020-05-27 07:46:37+00:00| seen| https://t.me/VulnerabilityNews/14804 2020-05-27 07:55:39+00:00| seen|...
Monstra CMS Authenticated Arbitrary File Upload
MonstraCMS 3.0.4 allows users to upload Arbitrary files which leads to remote command execution on the remote server. An attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This module was tested against MonstraCMS 3.0.4. This module...
Design/Logic Flaw
Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php and similar file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-180...
CVE-2017-18048
Monstra CMS 3.0.4 contains an input-filter bypass in the file-upload feature: the forbidden types list excludes .php while not covering uppercase or related extensions, enabling authenticated admins/editors to upload a PHP payload and trigger remote command execution on the server (CVE-2017-18048...
Monstra CMS - Remote Code Execution
Monstra CMS - Remote Code Execution. CVE-2017-18048. Webapps exploit for PHP platform Vulnerabilities Summary The following advisory describes a vulnerability found in Monstra CMS. Monstra is “a modern and lightweight Content Management System. It is Easy to install, upgrade and use.” The...