A remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&action=edit_template&filename=blog of Monstra v3.0.4 allows attackers to execute arbitrary commands via a crafted PHP file.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMonstra
APPMonstra3.0.4
Related vulnerabilities
Monstra 3.0.4 does not filter the case of php, which leads to an unrestricted file upload vulnerability.
A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4 which allows remo...
An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary code via up...
Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.p...
Monstra CMS 3.0.4 allows remote attackers to execute arbitrary PHP code via a mixed-case file extension, as de...