CNNVD-202510-2553 Information
CNNVD ID
CNNVD-202510-2553
Related CVE
- CNNVD Published: 2025-10-19
Description (Chinese)
ChurchCRM是ChurchCRM开源的一个为教会打造的开源 CRM 系统。 ChurchCRM 5.18.0及之前版本存在路径遍历漏洞,该漏洞源于对文件src/ChurchCRM/Backup/RestoreJob.php中参数restoreFile的错误操作,可能导致路径遍历攻击。
Description (English)
ChurchCRM is an open-source CRM system for the Church, which is an open-source source of ChunchCRM. There is a routing loophole in ChurchCR 5.18.0 and earlier versions, which stems from an error in the use of the parameter RestoreFile in document src/ChurchCRM/Backup/RestoreJob.php, which could lead to a routing attack.
Hazard Level
High
Vulnerability Type
路径遍历
Affected Vendor
ChurchCRM
Published
2025-10-19
Last Modified
2026-02-24
References
https://vuldb.com/?id.329015 https://vuldb.com/?ctiid.329015 https://vuldb.com/?submit.671101 https://github.com/uartu0/advisories/blob/main/churchcrm-path-traversal-rce-2025.md https://access.redhat.com/security/cve/cve-2025-11939
Patch
https://github.com/ChurchCRM/CRM/releases
Share on: