Vulnerabilities (CVE)

Filtered by vendor Church Management System Project Subscribe

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2021-41661	1 Church Management System Project	1 Church Management System	2022-06-27	7.5 HIGH	9.8 CRITICAL
Church Management System version 1.0 is affected by a SQL anjection vulnerability through creating a user with a PHP file as an avatar image, which is accessible through the /uploads directory. This can lead to RCE on the web server by uploading a PHP webshell.
CVE-2021-41643	1 Church Management System Project	1 Church Management System	2021-11-02	7.5 HIGH	9.8 CRITICAL
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via the image upload field.