Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Monstra CMS 3.0.4 allows an attacker, who already has administrative access to modify .chunk.php files on the Edit Chunk screen, to execute arbitrary OS commands via the Theme Module by visiting the admin/index.php?id=themes&action=edit_chunk URI. NOTE: there is no indication that the Edit Chunk feature was intended to prevent an administrator from using PHP's exec feature
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Monstra CMS 操作系统命令注入漏洞
Vulnerability Description
Monstra CMS是乌克兰Sergey Romanenko软件开发者的一套基于PHP的轻量级内容管理系统(CMS)。 Monstra CMS 3.0.4版本中存在安全漏洞。攻击者可通过修改.chunk.php文件利用该漏洞执行任意OS命令。
CVSS Information
N/A
Vulnerability Type
N/A