Church Management System
CVE-2021-41643
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via the image upload field.
AnalysisAI
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via the image upload field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Unrestricted File Upload (CWE-434), which allows attackers to upload malicious files that can be executed on the server. Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via the image upload field. Affected products include: Church Management System Project Church Management System.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate file types server-side, store uploads outside webroot, use random filenames, scan for malware.
More in Church Management System
View allA vulnerability, which was classified as critical, was found in Campcodes Church Management System 1.0. Rated critical s
A vulnerability, which was classified as critical, has been found in Campcodes Church Management System 1.0. Rated criti
A vulnerability was found in Campcodes Church Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability
A vulnerability was found in Campcodes Church Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability
A vulnerability was found in Campcodes Church Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability
A vulnerability was found in Campcodes Church Management System 1.0 and classified as critical.php. Rated high severity
A vulnerability has been found in Campcodes Church Management System 1.0 and classified as critical. Rated high severity
A vulnerability classified as critical has been found in SourceCodester Church Management System 1.0. Rated high severit
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edi
An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows att
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edi
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edi
Share
External POC / Exploit Code
Leaving vuln.today