CVE-2021-43258
Last modified
CVE-2021-43258 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. EPSS estimates a 10.52% chance of exploitation in the next 30 days.
Description
CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores the attachment on the site in the /tmp_attach/ folder where it can be accessed with a GET request. There are no limitations on files that can be attached, allowing for malicious PHP code to be uploaded and interpreted by the server.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Churchdb | Churchinfo | >= 1.2.13, <= 1.3.0 |
References
- http://www.churchdb.org/Product
- https://github.com/rapid7/metasploit-framework/pull/17257Exploit, Patch, Third Party Advisory
- http://www.churchdb.org/Product
- https://github.com/rapid7/metasploit-framework/pull/17257Exploit, Patch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-43258?
How severe is CVE-2021-43258?
How do I fix CVE-2021-43258?
Are you affected by CVE-2021-43258?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST