ChurchInfo 1.2.13-1.3.0 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ChurchInfo 1.2.13-1.3.0 Authenticated RCE', 'Description' = %q This module exploits the logic in the CartView.php page when crafting a draft emai...

ChurchInfo 1.2.13-1.3.0 Authenticated RCE

This module exploits the logic in the CartView.php page when crafting a draft email with an attachment. By uploading an attachment for a draft email, the attachment will be placed in the /tmpattach/ folder of the ChurchInfo web server, which is accessible over the web by any user. By uploading a...