CVE-2018-17418

Monstra CMS 3.0.4 allows remote attackers to execute arbitrary PHP code via a mixed-case file extension, as demonstrated by the 123.PhP filename, because pluginsboxfilesmanagerfilesmanager.admin.php mishandles the forbidden_types variable.
References
Configurations

Configuration 1

cpe:2.3:a:monstra:monstra:3.0.4:*:*:*:*:*:*:*

Information

Published : 2019-03-07 11:29

Updated : 2019-03-08 07:09


NVD link : CVE-2018-17418

Mitre link : CVE-2018-17418

Products Affected
No products.
CWE