sunu11
commented
6 years ago I reported to the cve platform, they let me use CVE-2018-9037, you can contact them for details
Open sunu11 opened 6 years ago
sunu11
commented
6 years ago I reported to the cve platform, they let me use CVE-2018-9037, you can contact them for details
sunu11
commented
6 years ago Vulnerability description Monstra CMS 3.0.4 allows remote code execution via an upload_file request for a .zip file, which is automatically extracted and may contain .php files.
Vulnerability Type Command Execution Vulnerability
Expected Behavior Command Execution
Steps to Reproduce
1、Log in as a user with page editing permissions
2、Upload a plugin archive containing php webshell code
3、After successful upload we can execute the command.
Possible Solutions Filter plugin content during plugin upload
Hi @Awilum, I have found a remote code execution vulnerability.can you guide me how to disclose them. Should I create a new issue or should I email the details?