Security Advisory

CVE-2018-6383

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-01-29 18:00:00

Last updated 2024-08-05 06:01:49

Assigner mitre

State PUBLISHED

Description

Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-18048.

← Browse all CVEs View on cve.org ↗