CVE-2018-17418
Monstra CMS 3.0.4 is vulnerable to remote code execution via a mixed-case file extension (example 123.PhP) because plugins\box\filesmanager\filesmanager.admin.php mishandles the forbidden_types variable. Affected component is the files manager in the Box plugin; the root cause is improper handlin...