High severity7.2OSV Advisory· Published Mar 7, 2019· Updated Jun 17, 2026
CVE-2018-17418
CVE-2018-17418
Description
Monstra CMS 3.0.4 allows remote attackers to execute arbitrary PHP code via a mixed-case file extension, as demonstrated by the 123.PhP filename, because plugins\box\filesmanager\filesmanager.admin.php mishandles the forbidden_types variable.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1- github.com/AlwaysHereFight/monstra_cms-3.0.4--getshell/blob/master/README.mdnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.