Monsta Box WebFTP 1.8.2 and below arbitrary file read and path traversal vulnerabilities

Posted by Imre RAD on Apr 07

Application
———–
“MONSTA Box is a lightweight open-source file manager you can install on
your website or server * to easily manage your files through any browser.”
(Description from the official website http://www.monstahq.com/)

Vulnerability
————-
The Monsta Box WebFTP application supports file templates when creating
new files. The template parameter is part of the HTTP request so it is a
user input and it was not…

Leave a Reply