PHP command execution exists in edit blog template in monstra 3.0.4

Vulnerability profile:
In edit blog template, we can control the website system by writing PHP executable code and running malicious code
Test environment: PHP version 5.6.2 +appach
Affected version
<=3.0.4
Vulnerability details:
1. Use the administrative user to log in to the website: http://ip:port/monstra/admin/index.php?id=themes&action=edit_ template&filename=blog

2.Write PHP executable code in template content

![image](https://user-images.githubusercontent.com/66055874/83114418-819ce500-a0fb-11ea-8f87-bea1cb4d9d6f.png)

3.Save the modified template content,visit:http://ip:port/monstra/blog
Get shell and control the website
![image](https://user-images.githubusercontent.com/66055874/83114758-f96b0f80-a0fb-11ea-9285-645f435be871.png)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

PHP command execution exists in edit blog template in monstra 3.0.4 #468

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

PHP command execution exists in edit blog template in monstra 3.0.4 #468

Description

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions