CVE-2018-16819 - OpenCVE

admin/index.php in Monstra CMS 3.0.4 allows arbitrary file deletion via id=filesmanager&path=uploads/.......//./.......//./&delete_file= requests.

No CVSS v3.1

AV:N/AC:L/Au:S/C:N/I:P/A:P

Vendors	Products
Monstra	Monstra

Configuration 1 [-]

cpe:2.3:a:monstra:monstra:3.0.4:*:*:*:*:*:*:*

References

Link	Resource
http://blog.51cto.com/13770310/2173956	Exploit Third Party Advisory
https://github.com/monstra-cms/monstra/issues/456	Exploit Issue Tracking Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-09-18T21:00:00

Updated: 2018-09-18T20:57:01

Reserved: 2018-09-10T00:00:00

Link: CVE-2018-16819

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-09-18T21:29:03.480

Modified: 2018-11-19T18:44:05.520

Link: CVE-2018-16819

JSON object: View

Redhat Information

No data.

CWE