CVE-2021-3164

February 2, 2021

ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to resources.php.

Summary:

ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to resources.php.

Reference Links(if available):

  • https://github.com/Little-Ben/ChurchRota
  • https://github.com/rmccarth/cve-2021-3164

  • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)

  • You may have missed

    news

    Ransomware Groups Exploit Cloud Services for Data Exfiltration and Attacks

    November 17, 2024
    news

    Zero-Day Vulnerability Discovered by watchTowr in Fortinet Products

    November 17, 2024
    news

    O2’s Innovative AI Granny Tackles Scam Callers with Engaging Tales

    November 17, 2024
    news

    Palo Alto Networks Zero-Day Vulnerability Actively Exploited: A Critical Security Advisory

    November 17, 2024
    news

    Bitfinex Hacker Ilya Lichtenstein Sentenced to Five Years for $4.5 Billion Crypto Heist

    November 17, 2024