Security Advisory

CVE-2018-17418

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-03-07 22:00:00

Last updated 2024-08-05 10:47:04

Assigner mitre

State PUBLISHED

Description

Monstra CMS 3.0.4 allows remote attackers to execute arbitrary PHP code via a mixed-case file extension, as demonstrated by the 123.PhP filename, because pluginsboxfilesmanagerfilesmanager.admin.php mishandles the forbidden_types variable.

← Browse all CVEs View on cve.org ↗