CVE-2021-3164

2021-01-26T18:16:00
ID CVE-2021-3164
Type cve
Reporter cve@mitre.org
Modified 2021-02-02T15:29:00

Description

ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to resources.php.