Radio
Événements
Concours
Passez sur Nostalgie
Musique & souvenirs
to block common SQL injection patterns.
In late 2018, security researcher Ihsan Sencan discovered a critical vulnerability in Alive Parish 2.0.4. The software, designed for church administration, contained flaws that allowed unauthenticated users to take full control of the web server. The technical details were released as part of the Exploit-DB #45840 report, which includes the downloadable .rar archive containing the proof-of-concept (PoC) code. 45840.rar
More dangerously, the system's "person photo upload" feature lacks sufficient validation. The exploit demonstrates how a malicious actor can upload a PHP shell (malicious script) into the images/uploaded directory. Once uploaded, the attacker can execute system-level commands, effectively gaining Remote Code Execution (RCE) on the server. to block common SQL injection patterns
The exploit targets a search endpoint where the key parameter is improperly sanitized. An attacker can use this to execute arbitrary SQL queries, potentially leaking sensitive parishioner data or bypassing authentication entirely. The technical details were released as part of
in the images/uploaded directory to prevent uploaded shells from running.