CNNVD-202602-813 Information

CNNVD ID

CNNVD-202602-813

CVE-2025-69906

  • CNNVD Published: 2026-02-05

Description

Monstra CMS is a lightweight PHP-based content management system (CMS) developed by Sergey Romanenko, an individual developer in Ukraine. Monstra CMS v3.0.4 contains a security vulnerability caused by arbitrary file upload in the Files Manager plugin: the application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory, which may lead to remote code execution.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Individual developer

Published

2026-02-05

Last Modified

2026-02-24

References

https://github.com/cypherdavy/CVE-2025-69906-Monstra-CMS-3.0.4-Arbitrary-File-Upload-to-RCE
https://github.com/monstra-cms/monstra/tree/master/plugins/box/filesmanager
