Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access to the ChurchInfo application. Once authenticated, a user can add names to their cart and compose an email. Uploading an attachment for the email stores the attachment on the site in the /tmp_attach/ folder, where it can be accessed with a GET request. There are no limitations on the files that can be attached, allowing malicious PHP code to be uploaded and interpreted by the server.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ChurchInfo Code Issue Vulnerability
Vulnerability Description
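ChurchInfo is a free church database program from the ChurchInfo team that helps churches track members, families, groups, pledges, and payments. ChurchInfo versions 1.2.13 through 1.3.0 contain a security vulnerability. An attacker can exploit it by uploading a PHP attachment and then browsing to the location of the uploaded PHP file on the web server, thereby executing arbitrary code.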
CVSS Information
N/A
Vulnerability Type
N/A