CNNVD-202512-024 Information

CNNVD ID

CNNVD-202512-024

Related CVE

CVE-2025-66313

• CNNVD Published: 2025-12-01

Description (Chinese)

ChurchCRM是ChurchCRM开源的一个为教会打造的开源 CRM 系统。 ChurchCRM 6.2.0及之前版本存在SQL注入漏洞，该漏洞源于时间型盲SQL注入，可能导致数据泄露和修改。

Description (English)

ChurchCRM is an open-source CRM system for the Church, which is an open-source source of ChunchCRM. The churchCR 6.2.0 and previous versions contained a SQL injection loophole, which originated in a time blind SQL injection and could lead to data leakage and modification.

Hazard Level

High

Vulnerability Type

SQL注入

Affected Vendor

ChurchCRM

Published

2025-12-01

Last Modified

2026-02-24

References

https://github.com/ChurchCRM/CRM/security/advisories/GHSA-47q3-c874-mqvp https://github.com/ChurchCRM/CRM/commit/719a6bc73245c40e3c30dae6229daaecd451e59f https://access.redhat.com/security/cve/cve-2025-66313

Patch

https://github.com/ChurchCRM/CRM/releases