Monstra CMS 3.0.4 - Remote Code Execution

EDB-ID: 44621
Author: JameelNabbo
Published: 2018-05-14
CVE: CVE-2018-9037
Type: Webapps
Platform: PHP
Vulnerable App: Download Vulnerable Application

 # Date: 2018-05-14 
# Exploit Author: Jameel Nabbo
# Vendor Homepage:
# Software Link:
# Version: 3.0.4
# Tested on: MAC OSX
# CVE :CVE-2018-9037

Monstra CMS 3.0.4 allows remote code execution via an upload_file request for a .zip file,
which is automatically extracted and may contain .php files.

Steps to Reproduce
1: Log in as a user with page editing permissions
2: Upload a plugin archive containing php webshell code
3: After successful upload we can execute the command.

Then go to:{Name_Of_Zip_File_You_Uploaded}/{File_In_Zip}.php

Filter plugin content during plugin upload

Related Posts