CNNVD-202512-3122 Information

CNNVD ID

CNNVD-202512-3122

CVE-2025-67751

  • CNNVD Published: 2025-12-16

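Description (translated from Chinese)

ChurchCRM is an open-source CRM system built for churches, maintained by the ChurchCRM project. Versions of ChurchCRM before 6.5.0 contain a SQL injection vulnerability. The vulnerability stems from a SQL injection issue in the EventEditor.php file and may lead to the execution of arbitrary SQL queries.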

Description (English)

ChurchCRM is an open-source CRM system for churches, maintained by the ChurchCRM project. Versions of ChurchCRM before 6.5.0 contain a SQL injection vulnerability, which originates from a SQL injection issue in the EventEditor.php file and could lead to the execution of arbitrary SQL queries.

Hazard Level

Medium

Vulnerability Type

SQL injection

Affected Vendor

ChurchCRM

Published

2025-12-16

Last Modified

2026-02-24

References

  • https://github.com/ChurchCRM/CRM/commit/2d6cf7aed9af1b9b47e125d1a2266f8e2a88f3fd
  • https://github.com/ChurchCRM/CRM/security/advisories/GHSA-wxcc-gvfv-56fg
  • https://access.redhat.com/security/cve/cve-2025-67751

Patch

https://github.com/ChurchCRM/CRM/releases
