exploitDog

GHSA-9gjw-qvrh-6f5r

Опубликовано: 14 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not.

Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not.

Ссылки

EPSS

Процентиль: 99%

0.77014

Высокий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-434

Связанные уязвимости

CVE-2017-18048

CVSS3: 8.8

nvd

около 8 лет назад

Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not.

EPSS

Процентиль: 99%

0.77014

Высокий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-434