Security Advisory

CVE-2018-15886

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-09-10 13:00:00
Last updated 2024-08-05 10:10:05
Assigner mitre
State PUBLISHED

Description

Monstra CMS 3.0.4 does not properly restrict modified Snippet content, as demonstrated by the admin/index.php?id=snippets&action=edit_snippet&filename=google-analytics URI, which allows attackers to execute arbitrary PHP code by placing this code after a <?php substring.