CVE-2017-18048

Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt