Hi @Awilum,
I have found a remote code execution vulnerability. Can you guide me on how to disclose it? Should I create a new issue or should I email the details?
Vulnerability description
Monstra CMS 3.0.4 allows remote code execution via an upload_file request for a .zip file,
which is automatically extracted and may contain .php files.
Vulnerability Type
Command Execution Vulnerability
Expected Behavior
Command Execution
Steps to Reproduce
1. Log in as a user with page editing permissions
2. Upload a plugin archive containing PHP webshell code
3. After successful upload we can execute the command.
Possible Solutions
Filter plugin content during plugin upload
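
One way to apply the filtering suggested above, as an added example rather than code from Monstra or from this report: assuming the upload target should only ever receive static files, every ZIP entry is checked for path traversal and against an extension allowlist before anything is extracted. The function name `inspect_archive`, the `ALLOWED_EXT` list and the sample archive are assumptions made for the illustration.

```php
<?php
// Added example, not Monstra code: inspect_archive() and ALLOWED_EXT are hypothetical.
const ALLOWED_EXT = ['txt', 'md', 'css', 'png', 'jpg', 'gif'];

// Returns [entry name => reason] for every entry that must block extraction.
function inspect_archive(string $zipPath): array
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        return ['<archive>' => 'not a readable ZIP'];
    }
    $rejected = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = $zip->getNameIndex($i);
        $path = str_replace('\\', '/', $name);
        // Reject absolute paths, drive letters and ".." segments (path traversal).
        if ($path[0] === '/' || preg_match('/^[A-Za-z]:/', $path)
            || in_array('..', explode('/', $path), true)) {
            $rejected[$name] = 'path escapes the target directory';
            continue;
        }
        if (substr($path, -1) === '/') {
            continue; // directory entry, nothing to execute
        }
        // Every dot-suffix must be allowlisted: some server configurations
        // execute "x.php.txt" because of the inner ".php".
        $suffixes = array_slice(explode('.', strtolower(basename($path))), 1);
        if ($suffixes === [] || array_diff($suffixes, ALLOWED_EXT) !== []) {
            $rejected[$name] = 'file type not on the allowlist';
        }
    }
    $zip->close();
    return $rejected;
}

// Constructed sample archive, built locally so the check can be run offline.
$sample = sys_get_temp_dir() . '/constructed_' . uniqid() . '.zip';
$zip = new ZipArchive();
$zip->open($sample, ZipArchive::CREATE);
foreach (['img/logo.png', 'shell.php', 'notes.php.txt', '../escape.txt'] as $entry) {
    $zip->addFromString($entry, 'constructed sample content');
}
$zip->close();

$rejected = inspect_archive($sample);
print_r($rejected);
// Extract only when nothing was rejected; one bad entry fails the whole upload.
echo $rejected === [] ? "extract\n" : "reject upload\n";
unlink($sample);
```

The check runs against the archive's central directory, so nothing is written to disk until the whole upload has passed.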