CVE-2021-43258

Read Time:27 Second

CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores the attachment on the site in the /tmp_attach/ folder where it can be accessed with a GET request. There are no limitations on files that can be attached, allowing for malicious PHP code to be uploaded and interpreted by the server.

US Treasury Department Sanctions Chinese Company Over Cyberattacks

Phishing Click Rates Triple in 2024

UK Government to Ban Creation of Explicit Deepfakes

CISA Claims Treasury Breach Did Not Impact Other Agencies

Supply Chain Attack Targets Key Ethereum Development Tools

New PhishWP Plugin Enables Sophisticated Payment Page Scams

Chinese Hackers Double Cyber-Attacks on Taiwan

Privacy of Photos.app’s Enhanced Visual Search

New Infostealer Campaign Uses Discord Videogame Lure

firefox-134.0-1.fc41

firefox-134.0-1.fc40

seamonkey-2.53.20-1.el8

seamonkey-2.53.20-1.fc40

seamonkey-2.53.20-1.fc41

USN-7187-1: Linux kernel (OEM) vulnerabilities