Summary
It was identified that the Database Restore functionality does not validate the content or file extension of uploaded files. As a result, an attacker can upload a web shell file and subsequently upload a .htaccess file to enable direct access to it. Once accessed, the uploaded web shell allows remote code execution (RCE) on the server.
Details
First, the attacker uploads a web shell file to the system.
then we add .htaccess file to make the directory accessible
then we can acces and have a web shell on the server as seen below;
Impact
Exploitation of this vulnerability results in full Remote Code Execution (RCE) on the underlying server. By abusing the insecure file upload logic in the Database Restore functionality, an attacker can upload a web shell and subsequently activate it by manipulating .htaccess rules. Once executed, the web shell provides direct command execution capabilities on the operating system with the privileges of the web server user.
This level of access completely compromises the confidentiality, integrity, and availability of the system. The attacker can read, modify, or delete any application files, including configuration files containing database credentials. Access to these credentials enables full control over the application database, allowing unauthorized manipulation of user data, financial records, internal configurations, and audit logs.
Furthermore, obtaining OS-level command execution allows the attacker to pivot laterally within the server environment, escalate privileges through local misconfigurations, implant backdoors, exfiltrate sensitive data, or abuse the server as part of a broader attack chain (e.g., staging malware, hosting phishing pages, or launching attacks against internal systems).
Because the attack breaks isolation between the application layer and the operating system, the impact extends far beyond the scope of the ChurchCRM application itself. This qualifies as a complete system compromise and should be treated as a critical security risk requiring immediate remediation.
Saadet-T Reporter
Summary
It was identified that the Database Restore functionality does not validate the content or file extension of uploaded files. As a result, an attacker can upload a web shell file and subsequently upload a .htaccess file to enable direct access to it. Once accessed, the uploaded web shell allows remote code execution (RCE) on the server.
Details
First, the attacker uploads a web shell file to the system.
then we add .htaccess file to make the directory accessible
then we can acces and have a web shell on the server as seen below;
Impact
Exploitation of this vulnerability results in full Remote Code Execution (RCE) on the underlying server. By abusing the insecure file upload logic in the Database Restore functionality, an attacker can upload a web shell and subsequently activate it by manipulating .htaccess rules. Once executed, the web shell provides direct command execution capabilities on the operating system with the privileges of the web server user.
This level of access completely compromises the confidentiality, integrity, and availability of the system. The attacker can read, modify, or delete any application files, including configuration files containing database credentials. Access to these credentials enables full control over the application database, allowing unauthorized manipulation of user data, financial records, internal configurations, and audit logs.
Furthermore, obtaining OS-level command execution allows the attacker to pivot laterally within the server environment, escalate privileges through local misconfigurations, implant backdoors, exfiltrate sensitive data, or abuse the server as part of a broader attack chain (e.g., staging malware, hosting phishing pages, or launching attacks against internal systems).
Because the attack breaks isolation between the application layer and the operating system, the impact extends far beyond the scope of the ChurchCRM application itself. This qualifies as a complete system compromise and should be treated as a critical security risk requiring immediate remediation.