Back to search
CVE-2018-15886
Published: Sep 10, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
Monstra CMS 3.0.4 does not properly restrict modified Snippet content, as demonstrated by the admin/index.php?id=snippets&action=edit_snippet&filename=google-analytics URI, which allows attackers to execute arbitrary PHP code by placing this code after a <?php substring.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://github.com/monstra-cms/monstra/issues/455
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now