CVE-2021-40940

9.8 CRITICAL

📋 TL;DR

Monstra CMS 3.0.4 has an unrestricted file upload vulnerability due to insufficient filtering of PHP file extensions. Attackers can upload malicious PHP files to execute arbitrary code on the server. All Monstra CMS 3.0.4 installations with file upload functionality are affected.

💻 Affected Systems

Products:
  • Monstra CMS
Versions: 3.0.4
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires file upload functionality to be enabled/accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full server compromise leading to data theft, ransomware deployment, or complete system takeover.

🟠 Likely Case

Webshell installation allowing persistent backdoor access, data exfiltration, and lateral movement.

🟢 If Mitigated

Limited impact with proper file upload restrictions and web application firewalls in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authentication to access file upload functionality.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.0.5

Vendor Advisory: https://github.com/monstra-cms/monstra/issues/471

Restart Required: No

Instructions:

1. Back up your Monstra installation.
2. Download Monstra 3.0.5 or later.
3. Replace all files except the /public/uploads/ and /storage/ directories.
4. Clear browser cache.

🔧 Temporary Workarounds

Restrict File Upload Extensions

Configure the web server to deny access to PHP files under the uploads directory, matching extensions case-insensitively so that variants such as .PHP and .Php are caught as well as .php.

# Apache: add to an .htaccess in the uploads directory (e.g. /public/uploads/),
# not the site root, or the CMS's own index.php stops being served.
<FilesMatch "\.(?i:php|php3|php4|php5|phtml|phps)$">
  # Apache 2.2 (and 2.4 with mod_access_compat loaded):
  Order Allow,Deny
  Deny from all
  # Apache 2.4 without mod_access_compat, use instead:
  # Require all denied
</FilesMatch>
# Nginx: add to the server block, scoped to the uploads path and placed before
# the generic "location ~ \.php$" fastcgi block (regex locations match in order).
location ~* ^/public/uploads/.*\.(php|php3|php4|php5|phtml|phps)$ {
  deny all;
}
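
The same case-sensitivity gap can be closed at the application layer. Added example, not Monstra's code: a weak denylist check of the kind that lets SHELL.PHP or shell.php.jpg through, beside a hardened allow-list check. The function names, extension sets and filename policy are assumptions chosen for illustration.

```python
"""Upload filename checks: a weak denylist beside a hardened allow-list.
Added example, not Monstra's code; the function names, extension sets
and filename policy are assumptions chosen for illustration."""
import os
import re

# Extensions a typical PHP handler configuration would execute (assumed set,
# matching the workaround's list above).
PHP_EXTENSIONS = {"php", "php3", "php4", "php5", "phtml", "phps"}

# What an image/document upload feature actually needs to accept (assumed).
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf", "txt"}

# Lower-case letters, digits, dot, underscore, hyphen; must start alphanumeric.
_SAFE_NAME = re.compile(r"^[a-z0-9][a-z0-9._-]{0,127}$")


def is_allowed_weak(filename: str) -> bool:
    """Denylist applied case-sensitively to the last extension only.
    'shell.PHP' passes because 'PHP' != 'php'; 'shell.php.jpg' passes
    because only the final segment is inspected."""
    ext = filename.rsplit(".", 1)[-1]
    return ext not in PHP_EXTENSIONS


def is_allowed_strict(filename: str) -> bool:
    """Allow-list check: normalises case, rejects directory components,
    requires the final extension to be allowed, and refuses any dotted
    segment (not just the last) that names a PHP extension."""
    if not filename or os.path.basename(filename) != filename:
        return False  # carries a path separator: never trust it
    name = filename.lower()
    if not _SAFE_NAME.match(name):
        return False  # unexpected characters (spaces, backslashes, leading dot)
    parts = name.split(".")
    if len(parts) < 2:
        return False  # no extension: nothing to allow
    if any(seg in PHP_EXTENSIONS for seg in parts[1:]):
        return False  # e.g. 'shell.php.jpg'
    return parts[-1] in ALLOWED_EXTENSIONS


if __name__ == "__main__":
    for candidate in ("shell.php", "shell.PHP", "shell.php.jpg", "photo.JPG"):
        print(f"{candidate:14} weak={is_allowed_weak(candidate)!s:5} "
              f"strict={is_allowed_strict(candidate)}")
```

The allow-list form is the one to keep: it decides what may be stored rather than enumerating what may not, so a new executable extension or an unexpected letter case does not silently pass. Pair it with the web-server rule above so that a file which does get through is still never executed.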

🧯 If You Can't Patch

  • Disable file upload functionality completely in Monstra settings.
  • Implement web application firewall (WAF) rules to block PHP file uploads.

🔍 How to Verify

Check if Vulnerable:

Check if running Monstra 3.0.4 by examining version files or admin panel.

Check Version:

grep -r "version.*3.0.4" /path/to/monstra/ || cat /path/to/monstra/version.txt

Verify Fix Applied:

Confirm version is 3.0.5 or later and test file upload with PHP extensions in various cases.

📡 Detection & Monitoring

Log Indicators:

  • File uploads with .php, .PHP, .Php extensions in web server logs
  • Unusual POST requests to upload endpoints

Network Indicators:

  • HTTP POST requests with PHP file uploads to Monstra paths

SIEM Query:

source="web_logs" (url="*/admin/index.php?id=filesmanager" OR url="*/ajax/upload") file_extension="*.php"
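
Added example, not part of the original page or the Monstra project: a Python pass over constructed web-server access-log lines that flags the two indicators listed above (POSTs to the upload endpoints named in the SIEM query, and requests for PHP-named files under /public/uploads/ in any letter case) and then correlates them by client address. The log lines are made up; the endpoint paths and the uploads directory are the ones named on this page, and the alert names are assumptions.

```python
"""Flag the indicators listed above in constructed web-server access-log lines.
Added example; the log lines are made up, the endpoint paths are the ones
named on this page, and the field/alert names are assumptions."""
import re
from typing import Dict, List, Optional, Set

# Constructed sample in Apache/nginx "combined" format; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Oct/2021:10:01:02 +0000] "POST /admin/index.php?id=filesmanager HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.5 - - [12/Oct/2021:10:01:09 +0000] "GET /public/uploads/cmd.PHP?c=id HTTP/1.1" 200 88 "-" "Mozilla/5.0"
10.0.0.7 - - [12/Oct/2021:10:02:11 +0000] "GET /public/uploads/logo.png HTTP/1.1" 200 4120 "-" "Mozilla/5.0"
10.0.0.5 - - [12/Oct/2021:10:03:30 +0000] "GET /public/uploads/a.phtml HTTP/1.1" 404 210 "-" "curl/7.68.0"
10.0.0.9 - - [12/Oct/2021:10:04:00 +0000] "GET /index.php HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# PHP-style extension anywhere in the dotted name, any letter case,
# so cmd.PHP, x.Php5 and shell.php.jpg are all caught.
PHP_EXT_RE = re.compile(r"\.(php\d?|phtml|phps)(\.|$)", re.IGNORECASE)
UPLOAD_ENDPOINTS = ("/admin/index.php?id=filesmanager", "/ajax/upload")
UPLOAD_DIR = "/public/uploads/"  # from the patch instructions above


def classify(line: str) -> Optional[Dict[str, object]]:
    """Return an alert dict for a line matching either indicator, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = m["target"]
    path = target.split("?", 1)[0]  # drop the query string before extension checks
    base = {"ip": m["ip"], "ts": m["ts"], "target": target, "status": int(m["status"])}
    if m["method"] == "POST" and target.startswith(UPLOAD_ENDPOINTS):
        return {"kind": "upload_activity", **base}
    if path.startswith(UPLOAD_DIR) and PHP_EXT_RE.search(path):
        return {"kind": "php_in_uploads", **base}
    return None


def scan(log_text: str) -> List[Dict[str, object]]:
    return [a for a in map(classify, log_text.splitlines()) if a]


def correlated_sources(alerts: List[Dict[str, object]]) -> Set[str]:
    """Clients that both posted to an upload endpoint and requested a
    PHP-named file from the uploads directory: the strongest signal here."""
    kinds_by_ip: Dict[str, Set[str]] = {}
    for a in alerts:
        kinds_by_ip.setdefault(str(a["ip"]), set()).add(str(a["kind"]))
    wanted = {"upload_activity", "php_in_uploads"}
    return {ip for ip, kinds in kinds_by_ip.items() if wanted <= kinds}


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for a in found:
        print(a["kind"], a["ip"], a["target"], a["status"])
    print("correlated:", sorted(correlated_sources(found)))
```

A 200 on a PHP-named file under the uploads directory is the line to treat as a confirmed execution and escalate; a 404 on the same pattern still indicates probing and is worth keeping, since the web-server rule above turns successful fetches into 403s without removing the attempt from the log.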
