cpe:/a:monstra:monstra:3.0.4 CVE-2017-18048 2018-01-23T01:29:00.213-05:00 2018-02-08T11:28:31.783-05:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2018-02-07T14:44:53.560-05:00 EXPLOIT-DB 43348 MISC https://blogs.securiteam.com/index.php/archives/3559 MISC https://github.com/monstra-cms/monstra/issues/426 MISC https://securityprince.blogspot.in/2017/12/monstra-cms-304-arbitrary-file-upload.html Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not.