CVE-2020-13384

Published: 2020-05-22T05:15Z

Last Modified: 2024-11-21T05:01Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames are not, a related issue to CVE-2017-18048. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt