Vulnerability information
Vulnerability
ChurchCRM has a Path traversal leads to RCE
Vulnerability information
ChurchCRM is an open-source church management system. Prior to 6.5.3, a path traversal vulnerability in ChurchCRM's backup restore functionality allows authenticated administrators to upload arbitrary files and achieve remote code execution by overwriting Apache .htaccess configuration files. The vulnerability exists in src/ChurchCRM/Backup/RestoreJob.php. The $rawUploadedFile['name'] parameter is user-controlled and allows uploading files with arbitrary names to /var/www/html/tmp_attach/ChurchCRMBackups/. This vulnerability is fixed in 6.5.3.
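One way to handle the uploaded name defensively, as an added example (not ChurchCRM's code and not the 6.5.3 fix): the stored path is built from a server-generated name plus an allowlisted extension, so the client-supplied name never reaches the filesystem. The function name `safeBackupDestination`, the extension allowlist and the sample names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not ChurchCRM code. Function name, allowlist and directory
// layout are assumptions chosen for illustration.

const ALLOWED_BACKUP_EXTENSIONS = ['sql', 'gz', 'zip', 'gpg']; // assumed allowlist

/**
 * Map a client-supplied upload name to a server-chosen path inside $backupDir.
 * The client name contributes only its validated extension, so "../"
 * sequences and names such as ".htaccess" cannot reach the filesystem.
 */
function safeBackupDestination(string $clientName, string $backupDir): string
{
    // Drop any directory components, including Windows-style separators.
    $base = basename(str_replace('\\', '/', $clientName));

    // Reject empty names, dotfiles (.htaccess, .user.ini) and control bytes.
    if ($base === '' || $base[0] === '.' || preg_match('/[\x00-\x1f]/', $base)) {
        throw new InvalidArgumentException('Rejected upload name');
    }

    // Only extensions on the allowlist are accepted (case-insensitive).
    $ext = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_BACKUP_EXTENSIONS, true)) {
        throw new InvalidArgumentException('Rejected upload extension');
    }

    // Resolve the target directory once; fail closed if it does not exist.
    $root = realpath($backupDir);
    if ($root === false || !is_dir($root)) {
        throw new RuntimeException('Backup directory missing');
    }

    // Server-generated name: nothing user-controlled reaches the path.
    return $root . DIRECTORY_SEPARATOR . bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names, run against a throwaway directory.
$dir = sys_get_temp_dir();
foreach (['backup.sql.gz', '.htaccess', '../../.htaccess', 'shell.php', "a\0.sql"] as $name) {
    try {
        echo json_encode($name), ' -> ', safeBackupDestination($name, $dir), PHP_EOL;
    } catch (Throwable $e) {
        echo json_encode($name), ' -> ', $e->getMessage(), PHP_EOL;
    }
}
```

Of the constructed names, only `backup.sql.gz` is accepted; the dotfile, traversal, `.php` and control-byte names are rejected before any path is built.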
Vulnerability information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
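Vulnerability
Improper limitation of a pathname (path traversal)
Vulnerability
ChurchCRM code issue vulnerability
Vulnerability information
ChurchCRM is an open-source CRM system built for churches, developed by ChurchCRM. Versions of ChurchCRM before 6.5.3 contain a code issue vulnerability caused by a path traversal in the backup restore functionality, which may allow an authenticated administrator to upload arbitrary files and achieve remote code execution by overwriting the Apache .htaccess configuration file.
Vulnerability information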
N/A
Vulnerability
N/A