CVE-2017-18048

HIGH

Monstra CMS 3.0.4 - Unrestricted Upload of File with Dangerous Type via Case Bypass

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-18048. PoCs published by Ishaq Mohammed, Ishaq Mohammed <[email protected]>, Touhid M.Shaikh <[email protected]>, including Metasploit module exploits/multi/http/monstra_fileupload_exec.

AI-analyzed exploit summary This exploit demonstrates a file upload vulnerability in Monstra CMS 3.0.4, allowing arbitrary PHP file uploads leading to remote command execution. The vulnerability stems from incomplete file extension validation, permitting uppercase or alternative PHP extensions to bypass restrictions.

Description

Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Ishaq Mohammed · textwebappsphp
https://www.exploit-db.com/exploits/43348

This exploit demonstrates a file upload vulnerability in Monstra CMS 3.0.4, allowing arbitrary PHP file uploads leading to remote command execution. The vulnerability stems from incomplete file extension validation, permitting uppercase or alternative PHP extensions to bypass restrictions.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Monstra CMS 3.0.4
Auth required
Prerequisites: Valid Editor credentials · Access to the FilesManager plugin
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by Ishaq Mohammed <[email protected]>, Touhid M.Shaikh <[email protected]> · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/monstra_fileupload_exec.rb

This Metasploit module exploits an authenticated arbitrary file upload vulnerability in Monstra CMS 3.0.4, allowing remote command execution via a malicious PHP file upload. It includes authentication, CSRF token handling, and payload execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Monstra CMS 3.0.4
Auth required
Prerequisites: Valid credentials for Monstra CMS · Access to the admin panel
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/monstra-cms/monstra/issues/426
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43348/
Exploit, Third Party Advisory x_refsource_misc
https://blogs.securiteam.com/index.php/archives/3559

Scores

CVSS v3 8.8
EPSS 0.6393
EPSS Percentile 99.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (1)
monstra/monstra 3.0.4
Published Jan 23, 2018
Tracked Since Feb 18, 2026