CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email.
59 hits since 2022-11-24
PHP Vulns Source Ratio: 16% (8192 total, 670 propagated, 4096 filtered)