Skip to main content

Church Management System CVE-2021-41643

CRITICAL
Unrestricted Upload of File with Dangerous Type (CWE-434)
2021-10-29 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 29, 2021 - 17:15 nvd
CRITICAL 9.8

DescriptionNVD

Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via the image upload field.

AnalysisAI

Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via the image upload field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Unrestricted File Upload (CWE-434), which allows attackers to upload malicious files that can be executed on the server. Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via the image upload field. Affected products include: Church Management System Project Church Management System.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate file types server-side, store uploads outside webroot, use random filenames, scan for malware.

CVE-2024-3535 CRITICAL POC
9.8 Apr 10

A vulnerability, which was classified as critical, was found in Campcodes Church Management System 1.0. Rated critical s

CVE-2024-3534 CRITICAL POC
9.8 Apr 10

A vulnerability, which was classified as critical, has been found in Campcodes Church Management System 1.0. Rated criti

CVE-2024-3540 HIGH POC
8.8 Apr 10

A vulnerability was found in Campcodes Church Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability

CVE-2024-3539 HIGH POC
8.8 Apr 10

A vulnerability was found in Campcodes Church Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability

CVE-2024-3538 HIGH POC
8.8 Apr 10

A vulnerability was found in Campcodes Church Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability

CVE-2024-3537 HIGH POC
8.8 Apr 10

A vulnerability was found in Campcodes Church Management System 1.0 and classified as critical.php. Rated high severity

CVE-2024-3536 HIGH POC
8.8 Apr 10

A vulnerability has been found in Campcodes Church Management System 1.0 and classified as critical. Rated high severity

CVE-2022-2680 HIGH POC
8.8 Aug 05

A vulnerability classified as critical has been found in SourceCodester Church Management System 1.0. Rated high severit

CVE-2022-45328 HIGH POC
7.2 Nov 30

Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edi

CVE-2022-41406 HIGH POC
7.2 Oct 12

An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows att

CVE-2022-38595 HIGH POC
7.2 Sep 15

Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edi

CVE-2022-38594 HIGH POC
7.2 Sep 15

Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edi

Share

CVE-2021-41643 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy