[pull] master from rapid7:master#348

Merged
pull[bot] merged 33 commits into m-1-k-3:master from rapid7:master
Feb 16, 2026
@pull pull bot commented Feb 16, 2026

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.4)

LucasCsmt and others added 30 commits February 3, 2026 15:47
This commit adds the module that exploits the ChurchCRM Unauth RCE.
The code has been refactored to be more organised.
Suppression of the method 'check_execution' because it was too context
related and it is impossible to predict how the web server reacts to
command execution.
The documentation of the module is added.
The module has been tested on different versions of ChurchCRM (6.8.0 and
6.2.0), proving its vulnerability to this exploit. This commit contains
modifications of the dockerfile/docker-compose in order to support
multi-version installation.
Title has been changed in order to mention the version where the exploit
works.
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
The 'alter_config' function has been altered in order to use random text
as placeholder to fake information in the configuration. The GHSA is
fixed too.
The PHP payload is injected directly into the PHP code injection. The
cleanup method has been removed in favor of an InitialAutoRunScript that
clears the config file.
The default option has been removed in favor of Metasploit's default
selection.
According to the recent change, I've changed the documentation and the
scenario outputs.
In the last version of ChurchCRM (6.8.0), in order to be correct, the
URL in the POST request needed to end with a '/'. This issue is now
fixed and the exploit works again on the 6.8.0 version.
The documentation for PHP Fetch has been added. The scenario has been
redone in order to track the last changes.
@pull pull bot locked and limited conversation to collaborators Feb 16, 2026
@pull pull bot added the ⤵️ pull label Feb 16, 2026
@pull pull bot merged commit 7a0845d into m-1-k-3:master Feb 16, 2026