CVE-2024-37418

Name of the Vulnerable Software and Affected Versions Andy Moyle Church Admin versions n/a through 4.4.6

Description The issue allows an attacker to upload a web shell to a web server due to an unrestricted upload of file with dangerous type vulnerability. This enables potential remote code execution on the server.

Recommendations For versions n/a through 4.4.6, update to a version later than 4.4.6 to resolve the issue. As a temporary workaround, consider restricting file uploads to only necessary and safe file types until a patch is available. Restrict access to the file upload functionality to minimize the risk of exploitation.