Описание
ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to resources.php.
Ссылки
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:churchdesk:churchrota:2.6.4:*:*:*:*:*:*:*
EPSS
Процентиль: 95%
0.21186
Средний
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-434
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to resources.php.
EPSS
Процентиль: 95%
0.21186
Средний
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-434