CNNVD-202512-3175 Information
Dec 17, 2025
cve
CNNVD ID
CNNVD-202512-3175
Related CVE
- CNNVD Published: 2025-12-17
Description (Chinese)
ChurchCRM是ChurchCRM开源的一个为教会打造的开源 CRM 系统。 ChurchCRM 6.5.3之前版本存在SQL注入漏洞,该漏洞源于对eGive.php文件中MissingEgive_FamID_参数处理不当,可能导致SQL注入攻击。
Description (English)
ChurchCRM is an open-source CRM system for the Church, which is an open-source source of ChunchCRM. The previous version of ChurchCRM 6.5.3 had an injection loophole in SQL, which stemmed from the mishandling of the parameters of MissingEgive FamID in eGive.php, which could lead to an attack on SQL.
Hazard Level
Medium
Vulnerability Type
SQL注入
Affected Vendor
ChurchCRM
Published
2025-12-17
Last Modified
2026-02-24
References
https://github.com/ChurchCRM/CRM/security/advisories/GHSA-c4vm-87vf-hmx9 https://access.redhat.com/security/cve/cve-2025-68111
Patch
https://github.com/ChurchCRM/CRM/releases
Share on: