Update documentation/modules/exploit/multi/http/churchcrm_db_restore_rce.md

Co-authored-by: Brendan <bwatters@rapid7.com>
adfoster-r7
2026-04-15 16:07:43 +01:00
committed by GitHub
parent 3f25048d9b
commit 0ba59a1254
@@ -8,7 +8,7 @@ This module exploits an authenticated Remote Code Execution (RCE) vulnerability
The application fails to properly validate the integrity and format of uploaded backup files during the restoration process. Specifically, even when file is identified as malfomed or invalid, it is still writen to a web-accessible directory.
An autenticated attacker can levrage this behavior to upload a malicious `.htaccess` file to reconfigure the server's directory permissions, followed by a PHP payload. This allow for the execution of arbitrary code under the context of the web server user.
An autenticated attacker can leverage this behavior to upload a malicious `.htaccess` file to reconfigure the server's directory permissions, followed by a PHP payload. This allow for the execution of arbitrary code under the context of the web server user.
- Project Homepage: https://churchcrm.io/
- Source Code: https://github.com/ChurchCRM/CRM
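Review bot: The corrected line (the one now reading "can leverage this behavior") still contains "autenticated" and "This allow for", so the typo fix is incomplete on the very line it touches; suggest "An authenticated attacker" and "This allows for the execution of arbitrary code". The unchanged line directly above it has the same class of errors ("even when file is identified as malfomed or invalid, it is still writen") and could be fixed in the same commit as "even when a file is identified as malformed or invalid, it is still written", since it is the sentence that states the root cause of the vulnerability.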