automatic module_metadata_base.json update

jenkins-metasploit
2026-04-13 09:45:24 +00:00
parent 44a6da0e53
commit e3fe7e1da8
+6 -5
@@ -107281,16 +107281,17 @@
"needs_cleanup": null
},
"exploit_multi/http/churchcrm_install_unauth_rce": {
"name": "ChurchCRM Unauthenticated RCE 6.8.0",
"name": "ChurchCRM Unauthenticated RCE via Setup Page",
"fullname": "exploit/multi/http/churchcrm_install_unauth_rce",
"aliases": [],
"rank": 300,
"rank": 600,
"disclosure_date": "2025-12-17",
"type": "exploit",
"author": [
"Arthur Valverde (uartu0)",
"LucasCsmt"
],
"description": "This module exploits an unauthenticated remote code execution\n vulnerability in the installation process of ChurchCRM versions\n 6.8.0 and earlier. By sending a specially crafted POST request to\n the 'setup' page, an attacker can execute arbitrary commands on the\n target server. This module uploads a meterpreter payload to the\n target server and executes it, allowing for remote code execution.",
"description": "ChurchCRM <= 6.8.0 allows unauthenticated remote code execution via\n the setup page. The DB_PASSWORD field in the installation form is written\n directly into Include/Config.php without sanitization, allowing PHP code\n injection. The injected config file is then included on every request,\n triggering the payload. Note that the fix claimed in 5.21.0 only added\n a strlen check on the password field, leaving the injection intact.",
"references": [
"GHSA-m8jq-j3p9-2xf3",
"CVE-2025-62521"
@@ -107316,9 +107317,9 @@
"targets": [
"Linux/unix Command (CmdStager)",
"PHP (In-Memory)",
"PHP (fetch)"
"PHP (Fetch)"
],
"mod_time": "2026-02-13 14:42:07 +0000",
"mod_time": "2026-03-07 03:59:42 +0000",
"path": "/modules/exploits/multi/http/churchcrm_install_unauth_rce.rb",
"is_install_path": true,
"ref_name": "multi/http/churchcrm_install_unauth_rce",