CVE-2018-6383

Posted on 2018년 1월 30일2018년 1월 30일 by admin

CVE-2018-6383

Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated admins to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-18048.

Source: CVE-2018-6383

답글 남기기 응답 취소