CNNVD-202512-3173 Information

CNNVD ID

CNNVD-202512-3173

Related CVE

CVE-2025-68112

• CNNVD Published: 2025-12-17

Description (Chinese)

ChurchCRM是ChurchCRM开源的一个为教会打造的开源 CRM 系统。 ChurchCRM 6.5.3之前版本存在SQL注入漏洞，该漏洞源于事件参与者编辑器存在SQL注入漏洞，可能导致数据库完全泄露和系统接管。

Description (English)

ChurchCRM is an open-source CRM system for the Church, which is an open-source source of ChunchCRM. The previous version of ChurchCRM 6.5.3 had a SQL injection loophole, which stemmed from the event participant’s editor’s SQL injection loophole, which could lead to the full disclosure of the database and the system taking over.

Hazard Level

Low

Vulnerability Type

SQL注入

Affected Vendor

ChurchCRM

Published

2025-12-17

Last Modified

2026-02-24

References

https://github.com/ChurchCRM/CRM/security/advisories/GHSA-hxf4-3vhp-wqcq https://access.redhat.com/security/cve/cve-2025-68112

Patch

https://github.com/ChurchCRM/CRM/releases