CVE-2021-3164

February 2, 2021

ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to resources.php.

Summary:

ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to resources.php.

Reference Links(if available):

  • https://github.com/Little-Ben/ChurchRota
  • https://github.com/rmccarth/cve-2021-3164

  • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    HIBP Banner 1

    T2 – 94,584 breached accounts

    April 25, 2024
    CISA Logo

    CISA: CISA Releases Three Industrial Control Systems Advisories

    April 25, 2024
    CISA Logo

    CISA: CISA Releases Four Industrial Control Systems Advisories

    April 25, 2024
    CISA Logo

    CISA: Oracle Releases Critical Patch Update Advisory for April 2024

    April 25, 2024
    CISA Logo

    CISA: Joint Guidance on Deploying AI Systems Securely

    April 25, 2024