High severity8.8NVD Advisory· Published May 22, 2020· Updated Jun 17, 2026
CVE-2020-13384
CVE-2020-13384
Description
Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames are not, a related issue to CVE-2017-18048.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Monstra CMS/Monstra CMSdescription
Patches
Vulnerability mechanics
References
1- www.exploit-db.com/exploits/48479nvdExploitThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.