CVE-2021-43258

Published: Nov 23, 2022Modified: Apr 28, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores the attachment on the site in the /tmp_attach/ folder where it can be accessed with a GET request. There are no limitations on files that can be attached, allowing for malicious PHP code to be uploaded and interpreted by the server.

Affected (1)

Products: Churchdb: Churchinfo

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Churchdb Churchinfo	From 1.2.13 to 1.3.0

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (6)

http://www.churchdb.org/

Source: cve@mitre.org

Product

https://github.com/rapid7/metasploit-framework/pull/17257

Source: cve@mitre.org

ExploitPatchThird Party Advisory

https://sourceforge.net/projects/churchinfo/files/

Source: cve@mitre.org

Product

http://www.churchdb.org/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://github.com/rapid7/metasploit-framework/pull/17257

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

https://sourceforge.net/projects/churchinfo/files/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.