Churchdesk: >> Churchrota >> 2.6.4 Security Vulnerabilities
ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to resources.php.
CVSS Score
8.8
EPSS Score
0.212
Published
2021-01-26