Monstra CMS 3.0.4-Remote Code Execution

Summary

Monstra is an XML based, modern and lightweight Content Management System.Monstra is an open-source project licensed under the GNU GENERAL PUBLIC LICENSE v3. Monstra provides amazing api's for plugins, themes and core developers!Monstra allow to create several adminstrators, editors, users for your site.Monstra is an open-source project licensed under the GNU GENERAL PUBLIC LICENSE v3 to set the world free!
Monstra CMS 3.0.4 allows remote code execution via an upload_file request for a .zip file,which is automatically extracted and may contain .php files.

Solution

1.At present, the manufacturer has not provided a patch or an upgrade procedure. We recommend that users who use this software keep an eye on the vendor's homepage to obtain the latest version:
http://monstra.org/
2.Customers who buy the next-generation firewall of Sangfor can turn on the WAF defense module to easily defend against such vulnerabilitie