CVE-2017-18048

HIGH

Monstra - Unrestricted File Upload

Title source: rule

Description

Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by Ishaq Mohammed · tags: text, webapps, php
https://www.exploit-db.com/exploits/43348

metasploit · WORKING POC · EXCELLENT
by Ishaq Mohammed <[email protected]>, Touhid M. Shaikh <[email protected]> · tags: ruby, poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/monstra_fileupload_exec.rb

Scores

CVSS v3 8.8
EPSS 0.7701
EPSS Percentile 99.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (1)
monstra/monstra 3.0.4
Published Jan 23, 2018
Tracked Since Feb 18, 2026