Lucene search
China National Vulnerability DatabaseCNVD-2022-86334HistoryNov 23, 2022 - 12:00 a.m.
ChurchInfo Arbitrary File Upload Vulnerability
2022-11-2300:00:00
China National Vulnerability Database
www.cnvd.org.cn
17
churchinfo
arbitrary file upload
vulnerability
php files
security issue
EPSS
0.074
Percentile
94.2%
ChurchInfo is a free church database program from the ChurchInfo team that helps churches track members, families, groups, pledges, and payments. ChurchInfo 1.2.13 and later, and 1.3.0 and prior versions, is vulnerable to arbitrary file uploads. The vulnerability stems from the application’s lack of checks on uploaded files, which can be exploited by attackers to upload malicious PHP files and execute arbitrary code.
Related
zdt
zdt
ChurchInfo 1.2.13-1.3.0 Remote Code Execution Exploit
2022-11-21 00:00:00
githubexploit
githubexploit
nvd
nvd
CVE-2021-43258
2022-11-23 19:15:11
cve
cve
CVE-2021-43258
2022-11-23 19:15:11
metasploit
metasploit
ChurchInfo 1.2.13-1.3.0 Authenticated RCE
2022-11-19 00:21:08
cvelist
cvelist
CVE-2021-43258
2022-11-23 00:00:00
prion
prion
Remote code execution
2022-11-23 19:15:00
packetstorm
packetstorm
ChurchInfo 1.2.13-1.3.0 Remote Code Execution
2022-11-21 00:00:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2022-11-25 17:14:15