High severity7.2OSV Advisory· Published Sep 10, 2018· Updated Jun 17, 2026
CVE-2018-15886
CVE-2018-15886
Description
Monstra CMS 3.0.4 does not properly restrict modified Snippet content, as demonstrated by the admin/index.php?id=snippets&action=edit_snippet&filename=google-analytics URI, which allows attackers to execute arbitrary PHP code by placing this code after a <?php substring.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1- github.com/monstra-cms/monstra/issues/455nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.