ChurchInfo 1.2.13-1.3.0 Remote Code Execution
This Metasploit module exploits the logic in the CartView.php page when crafting a draft email with an attachment. By uploading an attachment for
a draft email, the attachment will be placed in the /tmp_attach/ folder of
the ChurchInfo web server, which is accessible over the web by any user.
By uploading a PHP attachment and then browsing to the location of the
uploaded PHP file on the web server, arbitrary code execution as the web
daemon user (e.g. www-data) can be achieved.
https://packetstormsecurity.com/files/169968/churchinfo_upload_exec.rb.txt
Mon, 21 Nov 2022 16:16:26 GMT
________________________________
--- The information is for inforamtional purposes only.
* Origin: Read us with
http://winpoint.org JID:
rs@captflint.com