2 matches found
CVE-2020-13384
Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames are not, a related issue to CVE-2017-18048...
CVE-2020-13384
Monstra CMS 3.0.4 is affected: remote authenticated users can upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because .php filenames are blocked but .php7 are not; this is related to CVE-2017-18048. The CVE entry CVE-2020-13384 documents this behavior and links to public...