CVE Vulnerability

CVE-2021-43258

CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores the attachment on the site in the /tmp_attach/ folder where it can be accessed with a GET request. There are no limitations on files that can be attached, allowing for malicious PHP code to be uploaded and interpreted by the server.

8.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
http://www.churchdb.org/ Product
https://github.com/rapid7/metasploit-framework/pull/17257 Exploit Patch
https://sourceforge.net/projects/churchinfo/files/ Product
Configurations

Configuration 1

cpe:2.3:a:churchdb:churchinfo:*:*:*:*:*:*:*:*
Information

Published : 2022-11-23 07:15

Updated : 2022-11-30 03:52

NVD link : CVE-2021-43258

Mitre link : CVE-2021-43258

Products Affected
No products.
CWE
CWE-434