Monstra CMS version 3.0.4 suffers from a shell upload remote code execution vulnerability.
e317e4c185f5c6a9f9a57b3bbf13084ad7e1c42c0292bd95a43d6ba98ef8b3fd# Exploit Title: Monstra CMS 3.0.4 Upload Plugin Remote code execution CVE-2018-9037
# Date: 2018-05-14
# Exploit Author: Jameel Nabbo
# Vendor Homepage: https://github.com/monstra-cms/monstra
# Software Link: https://github.com/monstra-cms/monstra
# Version: 3.0.4
# Tested on: MAC OSX
# CVE :CVE-2018-9037
Monstra CMS 3.0.4 allows remote code execution via an upload_file request for a .zip file,
which is automatically extracted and may contain .php files.
Steps to Reproduce
1: Log in as a user with page editing permissions
2: Upload a plugin archive containing php webshell code
3: After successful upload we can execute the command.
Then go to: http://127.0.0.1/plugins/{Name_Of_Zip_File_You_Uploaded}/{File_In_Zip}.php
Solution
Filter plugin content during plugin upload
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed