Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to upload files that are interpreted as executable code, resulting in remote code execution.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Monstra CMS 安全漏洞
Vulnerability Description
Monstra CMS是乌克兰Sergey Romanenko个人开发者的一套基于PHP的轻量级内容管理系统(CMS)。 Monstra CMS v3.0.4版本存在安全漏洞,该漏洞源于Files Manager插件存在任意文件上传,应用程序依赖基于黑名单的文件扩展名验证并将上传文件直接存储在Web可访问目录中,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A