Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2017-18048

Description

Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not.

POC

Reference

- https://securityprince.blogspot.in/2017/12/monstra-cms-304-arbitrary-file-upload.html

- https://www.exploit-db.com/exploits/43348/

Github

- https://github.com/n0th1n3-00X/security_prince