CVE-2025-69906 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validat…
High CVSS: 8.8

CVE-2025-69906

Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to upload files that are interpreted as executable code, resulting in remote code execution.
Vendor
Monstra
Product
Monstra Cms
CWE
CWE-434
Yayın Tarihi
2026-02-05 17:16:12
Güncelleme
2026-02-11 19:07:15
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-434 Monstra Cms HIGH Monstra 2026

Referanslar

https://github.com/cypherdavy/CVE-2025-69906-Monstra-CMS-3.0.4-Arbitrary-File-Upload-to-RCE https://github.com/monstra-cms/monstra/tree/master/plugins/box/filesmanager