Vulnerability Details : CVE-2017-18048
Public exploit exists!
Monstra CMS 3.0.4 allows authenticated users (the CVSS vectors below require low privileges) to upload arbitrary files, which leads to remote command execution on the server; for example, the upload filter blocks the .php (lowercase) extension but not .PHP (uppercase).
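The flaw described above is a case-sensitive extension blocklist: the filter compares the literal string after the last dot against a list of lowercase spellings, while the web server picks its handler without regard to case. The Python below is an added illustration, not Monstra's code and not code from any of the referenced exploits or the Metasploit module; it puts a hypothetical blocklist check with exactly that flaw next to a hardened allowlist check. The blocklist and allowlist contents, the sample filenames and the function names are constructed assumptions.

```python
import os
import re

# Constructed sample upload names (not taken from the advisory or exploit).
SAMPLE_UPLOADS = [
    "avatar.png",
    "shell.php",
    "shell.PHP",
    "shell.Php",
    "shell.phtml",
    "shell.php.jpg",
    "notes.txt",
]

# Hypothetical blocklist in the style of the flaw the advisory describes:
# only these exact lowercase spellings are ever compared.
BLOCKED_EXTENSIONS = {"php", "phtml", "php3", "php4", "php5", "phar"}


def vulnerable_is_accepted(filename: str) -> bool:
    """Case-sensitive blocklist on the last extension (the flawed pattern).

    'shell.php' is rejected, but 'shell.PHP' passes because 'PHP' != 'php'.
    Apache's mod_mime matches AddHandler/AddType extensions case-insensitively,
    so the uploaded file still runs as PHP once requested.  'shell.php.jpg'
    also passes because only the final extension is examined.
    """
    _, ext = os.path.splitext(filename)
    return ext.lstrip(".") not in BLOCKED_EXTENSIONS


# Hypothetical allowlist for the hardened check.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "txt", "pdf"}
SAFE_BASENAME = re.compile(r"^[a-z0-9_-]+$")


def hardened_is_accepted(filename: str) -> bool:
    """Allowlist, case-folded, applied to every extension segment.

    - Lower-case the name first, so 'PHP', 'Php' and 'php' compare equal.
    - Require every dotted segment after the base name to be allowlisted,
      so 'shell.php.jpg' is rejected (multi-extension handling can execute it).
    - Restrict the base name to a conservative character set and reject
      path separators and NUL bytes outright.
    """
    name = filename.lower()
    if "/" in name or "\\" in name or "\x00" in name:
        return False
    parts = name.split(".")
    if len(parts) < 2:
        return False
    base, exts = parts[0], parts[1:]
    if not SAFE_BASENAME.match(base):
        return False
    return all(ext in ALLOWED_EXTENSIONS for ext in exts)


def compare(filenames=SAMPLE_UPLOADS) -> dict:
    """Return {filename: (vulnerable_result, hardened_result)} for each name."""
    return {f: (vulnerable_is_accepted(f), hardened_is_accepted(f)) for f in filenames}


if __name__ == "__main__":
    for f, (vuln, hard) in compare().items():
        print(f"{f:15} blocklist={'accept' if vuln else 'reject':6} "
              f"allowlist={'accept' if hard else 'reject'}")
```

Running it shows `shell.PHP`, `shell.Php` and `shell.php.jpg` slipping through the blocklist while the allowlist rejects all three. The name check is only one layer: uploads should also be written outside the document root, or into a directory where the web server has script execution disabled, so that a bypass of the filter does not by itself yield code execution.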
Products affected by CVE-2017-18048
- cpe:2.3:a:monstra:monstra:3.0.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-18048
EPSS score: 91.16% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~99% (the proportion of vulnerabilities scored at or below this one)
Metasploit modules for CVE-2017-18048
- Monstra CMS Authenticated Arbitrary File Upload
  Disclosure Date: 2017-12-18
  First seen: 2020-04-26
  Module: exploit/multi/http/monstra_fileupload_exec
  MonstraCMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the remote server. An attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This module was tested against MonstraC
CVSS scores for CVE-2017-18048
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | 
8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | 
CWE ids for CVE-2017-18048
- CWE-434: Unrestricted Upload of File with Dangerous Type. The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-18048
- https://securityprince.blogspot.in/2017/12/monstra-cms-304-arbitrary-file-upload.html
  CVE-2017-18048 - Monstra CMS 3.0.4 - Arbitrary File Upload / Remote Code Execution (Exploit; Third Party Advisory)
- https://www.exploit-db.com/exploits/43348/
  Monstra CMS 3.0.4 - (Authenticated) Arbitrary File Upload / Remote Code Execution (Exploit; Third Party Advisory; VDB Entry)
- https://blogs.securiteam.com/index.php/archives/3559
  SSD Advisory – Monstra CMS RCE - SSD Secure Disclosure (Exploit; Third Party Advisory)
- https://github.com/monstra-cms/monstra/issues/426
  Recommended Patch for Remote Command Execution Vulnerability · Issue #426 · monstra-cms/monstra · GitHub (Patch; Third Party Advisory)