Jx0n0/monstra_cms-3.0.4--getshell

Releases0

Stars1

monstra_cms-3.0.4-上传getshell CVE-2018-17418

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2018-17418 ↗	Mar 7, 2019Thursday, 7 March 2019, 23:29	—	6.5 MEDIUM
Monstra CMS 3.0.4 allows remote attackers to execute arbitrary PHP code via a mixed-case file extension, as demonstrated by the 123.PhP filename, because plugins\box\filesmanager\filesmanager.admin.php mishandles the forbidden_types variable.