High severity8.8OSV Advisory· Published Jan 23, 2018· Updated Jun 17, 2026
CVE-2017-18048
CVE-2017-18048
Description
Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
4- github.com/monstra-cms/monstra/issues/426nvdPatchThird Party Advisory
- blogs.securiteam.com/index.php/archives/3559nvdExploitThird Party Advisory
- securityprince.blogspot.in/2017/12/monstra-cms-304-arbitrary-file-upload.htmlnvdExploitThird Party Advisory
- www.exploit-db.com/exploits/43348/nvdExploitThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.