Skip to content

apena-ba/CVE-2024-39306

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 

Repository files navigation

Description

This script is a PoC for CVE-2024-39306, where a RCE is possible due to a SQLi where an authenticated user can execute arbitrary commands on a server running ChurchCRM <= 5.8.0

Usage

python3 CVE-2024-39306.py -u <USERNAME> -p <PASSWORD> -b <URL> -c <COMMAND>

Example: python3 CVE-2024-39306.py -u FirstLast -p Password123 -b http://localhost/churchcrm -c whoami

Links

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages