7 matches found
CVE-2021-3164
ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to resources.php...
CVE-2021-3164
ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to resources.php...
CVE-2021-3164
ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to resources.php...
Design/Logic Flaw
ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to resources.php...
CVE-2021-3164
CVE-2021-3164 affects ChurchRota 2.6.4 and allows authenticated remote code execution by uploading and executing an arbitrary file via resources.php, even without file-upload permissions. Multiple connected sources confirm the vulnerability and provide practical PoCs: an explicit HTTP POST upload...
CVE-2021-3164
ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to resources.php...
ChurchRota 2.6.4 - RCE (Authenticated)
Exploit Title: ChurchRota 2.6.4 - RCE Authenticated Date: 1/19/2021 Exploit Author: Rob McCarthy @slixperi Vendor Homepage: https://github.com/Little-Ben/ChurchRota Software Link: https://github.com/Little-Ben/ChurchRota Version: 2.6.4 Tested on: Ubuntu import requests from pwn import listen...