Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not.
https://github.com/monstra-cms/monstra/issues/426
Source: Mitre, NVD
Published: 2018-01-23
Updated: 2026-06-17
Base Score: 6.5
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P
Severity: Medium
Base Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: High
EPSS: 0.63355