Code injection

Monstra CMS 3.0.4 allows remote attackers to execute arbitrary PHP code via a mixed-case file extension, as demonstrated by the 123.PhP filename, because plugins\box\filesmanager\filesmanager.admin.php mishandles the forbiddentypes variable...

Directory override delete vulnerability in Monstra CMS backend filesmanager.admin.php file

Monstra CMS is a lightweight PHP-based content management system CMS developed by Ukrainian software developer Sergey Romanenko. The system is easy to install and use, scalable and so on. A directory override vulnerability exists in the filesmanager.admin.php file in the backend of Monstra CMS. A...