Subscribe via feed.

ChurchInfo 1.2.13-1.3.0 Remote Code Execution

Posted by deepcore on November 22, 2022 – 2:51 pm

This Metasploit module exploits the logic in the CartView.php page when crafting a draft email with an attachment. By uploading an attachment for a draft email, the attachment will be placed in the /tmp_attach/ folder of the ChurchInfo web server, which is accessible over the web by any user. By uploading a PHP attachment and then browsing to the location of the uploaded PHP file on the web server, arbitrary code execution as the web daemon user (e.g. www-data) can be achieved.


This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.