Lucene search

[email protected]NVD:CVE-2021-43258

HistoryNov 23, 2022 - 7:15 p.m.

CVE-2021-43258

2022-11-2319:15:11

CWE-434

[email protected]

web.nvd.nist.gov

cve-2021-43258

churchinfo

remote code execution

insecure uploads

authenticated access

attachment vulnerability

php code execution

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.074

Percentile

94.2%

JSON

CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores the attachment on the site in the /tmp_attach/ folder where it can be accessed with a GET request. There are no limitations on files that can be attached, allowing for malicious PHP code to be uploaded and interpreted by the server.

Affected configurations

Nvd

Node

churchdbchurchinfoRange1.2.13–1.3.0

VendorProductVersionCPE
churchdbchurchinfo*cpe:2.3:a:churchdb:churchinfo:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
churchdb	churchinfo	*	cpe:2.3:a:churchdb:churchinfo::::::::

References

www.churchdb.org/

github.com/rapid7/metasploit-framework/pull/17257

sourceforge.net/projects/churchinfo/files/

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.074

Percentile

94.2%

JSON

Related for NVD:CVE-2021-43258

zdt1 githubexploit1 cve1 prion1 packetstorm1 cnvd1 metasploit1 cvelist1 rapid7blog1