SourceCodester Best Church Management Software Path Traversal Vulnerability Allowing Arbitrary File Deletion

Vulnerability

A path traversal vulnerability has been identified in SourceCodester Best Church Management Software version 1.0. The issue resides in the file '/admin/app/profile_crud.php', where the 'old_cat_img' parameter can be manipulated to traverse directories and access '../filedir'. This vulnerability can be exploited remotely, potentially leading to unauthorized file deletion.

Impact

Exploitation of this vulnerability allows for arbitrary file deletion on the server.

Reproduction

To reproduce this vulnerability, send a POST request to '/admin/app/profile_crud.php' with the 'old_cat_img' parameter set to a path traversal payload, such as '../../htaccess'. This can be done using a tool like Burp Suite or Postman, by selecting 'multipart/form-data' as the content type and including the desired file traversal payload in the 'old_cat_img' field.
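The defensive counterpart, added here as an example and not taken from the SourceCodester code base: a delete helper that confines a user-supplied name such as 'old_cat_img' to the upload directory before calling unlink(). The upload directory path, the accepted image extensions and the handler usage at the bottom are assumptions.

```php
<?php
// Added example (not the project's code): a hardened delete helper for a
// parameter like 'old_cat_img'. Directory, field name and extensions are assumed.

declare(strict_types=1);

/**
 * Delete a previously uploaded image referenced by a user-supplied name,
 * refusing anything that would escape the upload directory.
 * Returns true if the file was deleted, false if the request was refused
 * or the file did not exist.
 */
function deleteUploadedImage(string $uploadDir, string $requestedName): bool
{
    // 1. Only accept a bare file name: no directory separators, no '..', no NUL.
    //    basename('../../htaccess') is 'htaccess', so traversal fails this check.
    if ($requestedName === '' || $requestedName !== basename($requestedName)
        || strpos($requestedName, "\0") !== false) {
        error_log('rejected delete: unsafe name ' . bin2hex($requestedName));
        return false;
    }
    // 2. Restrict to the file types the upload form is expected to produce
    //    (assumed set); this also blocks dotfiles such as '.htaccess'.
    if (!preg_match('/^[A-Za-z0-9_-]+\.(jpe?g|png|gif)$/', $requestedName)) {
        error_log("rejected delete: unexpected name format $requestedName");
        return false;
    }
    // 3. Resolve both paths (symlinks included) and confirm the target really
    //    lies inside the upload directory.
    $base   = realpath($uploadDir);
    $target = realpath($uploadDir . DIRECTORY_SEPARATOR . $requestedName);
    if ($base === false || $target === false
        || strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        error_log("rejected delete: outside upload dir: $requestedName");
        return false;
    }
    if (!is_file($target)) {
        return false; // directories, devices and dangling links are never unlinked
    }
    return unlink($target);
}

// Illustrative use in a handler like profile_crud.php (field name from the
// advisory; the upload directory is an assumption).
$old = isset($_POST['old_cat_img']) ? (string) $_POST['old_cat_img'] : '';
$ok  = deleteUploadedImage(__DIR__ . '/../uploads', $old);
```

A request carrying '../../htaccess' in 'old_cat_img' is refused at step 1 and logged, which also gives a detection hook for the traversal attempts described above.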

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.