Monstra CMS 3.0.4 does not properly restrict modified Snippet content, as demonstrated by the admin/index.php?id=snippets&action=edit_snippet&filename=google-analytics URI, which allows attackers to execute arbitrary PHP code by placing this code after a <?php substring.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/monstra-cms/monstra/issues/455 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-09-10T13:00:00
Updated: 2024-08-05T10:10:05.457Z
Reserved: 2018-08-26T00:00:00
Link: CVE-2018-15886
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-09-10T13:29:00.400
Modified: 2018-11-14T20:40:04.223
Link: CVE-2018-15886
Redhat
No data.