Lucene search
K

10 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2020-5642

Malware in sbrugna...

8.8CVSS8.8AI score0.02502EPSS
Exploits1References2
NVD
NVD
added 2020/05/22 5:15 a.m.16 views

CVE-2020-13384

Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames are not, a related issue to CVE-2017-18048...

8.8CVSS8.9AI score0.02502EPSS
Exploits1References1
Prion
Prion
added 2020/05/22 5:15 a.m.16 views

Sql injection

Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames are not, a related issue to CVE-2017-18048...

6.5CVSS8.8AI score0.63355EPSS
Exploits7References1Affected Software1
0day.today
0day.today
added 2018/07/12 12:0 a.m.85 views

MonstraCMS Authenticated Arbitrary File Upload Exploit

Monstra CMS 3.0.4 allows users to upload arbitrary files which leads to remote command execution on the remote server. An attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This Metasploit module was tested against Monstra CMS 3.0.4. Th...

6.5CVSS8.9AI score0.63355EPSS
Exploits6
Packet Storm
Packet Storm
added 2018/07/11 12:0 a.m.81 views

Monstra CMS Authenticated Arbitrary File Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Monstra CMS Authenticated Arbitrary File Upload', 'Description' = %q MonstraCMS 3.0.4 allows users to upload Arbitrary files which leads to remot...

6.5CVSS0.2AI score0.63355EPSS
Exploits6
Circl
Circl
added 2018/07/10 7:43 p.m.14 views

CVE-2017-18048

creationtimestamp| type| source ---|---|--- 2018-07-10 19:43:02+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/monstrafileuploadexec.rb 2020-05-27 07:46:37+00:00| seen| https://t.me/VulnerabilityNews/14804 2020-05-27 07:55:39+00:00| seen|...

8.8CVSS8AI score0.63355EPSS
Exploits6References3
Metasploit
Metasploit
added 2018/06/28 5:25 a.m.13 views

Monstra CMS Authenticated Arbitrary File Upload

MonstraCMS 3.0.4 allows users to upload Arbitrary files which leads to remote command execution on the remote server. An attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This module was tested against MonstraCMS 3.0.4. This module...

0.8AI score
Exploits0
Prion
Prion
added 2018/01/29 6:29 p.m.28 views

Design/Logic Flaw

Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php and similar file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-180...

6.5CVSS8.8AI score0.63355EPSS
Exploits8References3Affected Software1
CVE
CVE
added 2018/01/23 6:0 a.m.103 views

CVE-2017-18048

Monstra CMS 3.0.4 contains an input-filter bypass in the file-upload feature: the forbidden types list excludes .php while not covering uppercase or related extensions, enabling authenticated admins/editors to upload a PHP payload and trigger remote command execution on the server (CVE-2017-18048...

8.8CVSS8.7AI score0.63355EPSS
Exploits6References4Affected Software1
Exploit DB
Exploit DB
added 2017/12/06 12:0 a.m.254 views

Monstra CMS - Remote Code Execution

Monstra CMS - Remote Code Execution. CVE-2017-18048. Webapps exploit for PHP platform Vulnerabilities Summary The following advisory describes a vulnerability found in Monstra CMS. Monstra is “a modern and lightweight Content Management System. It is Easy to install, upgrade and use.” The...

8.8CVSS9AI score0.63355EPSS
Exploits6
Rows per page
Query Builder