Description

Church Management System version 1.0 is affected by a SQL anjection vulnerability through creating a user with a PHP file as an avatar image, which is accessible through the /uploads directory. This can lead to RCE on the web server by uploading a PHP webshell.

Related CPE's

a

church_management_system_project

church_management_system

1.0

Vulnerable

References

https://github.com/janikwehrli1/0dayHunt/blob/main/Church_Managementv1.0_RCE.py

ExploitThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-89

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2022-06-13T23:15:08.213

3 years ago

Last modified

2022-06-27T16:22:18.947

3 years ago