Home / os / winmobile

Monstra CMS Authenticated Arbitrary File Upload

Posted on 11 July 2018

Monstra CMS 3.0.4 allows users to upload arbitrary files which leads to remote command execution on the remote server. An attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This Metasploit module was tested against Monstra CMS 3.0.4.

 

TOP