CNNVD-202512-3176 Information
Dec 17, 2025
cve
CNNVD ID
CNNVD-202512-3176
Related CVE
- CNNVD Published: 2025-12-17
Description (Chinese)
ChurchCRM是ChurchCRM开源的一个为教会打造的开源 CRM 系统。 ChurchCRM 6.5.3之前版本存在SQL注入漏洞,该漏洞源于对src/CartToFamily.php文件中PersonAddress参数处理不当,可能导致SQL注入攻击。
Description (English)
ChurchCRM is an open-source CRM system for the Church, which is an open-source source of ChunchCRM. The previous version of ChurchCRM 6.5.3 had an injection loophole in SQL, which stemmed from the mishandling of the PersonAddress parameters in the src/CartToFamily.php document, which could lead to an attack on SQL.
Hazard Level
High
Vulnerability Type
SQL注入
Affected Vendor
ChurchCRM
Published
2025-12-17
Last Modified
2026-02-24
References
https://github.com/ChurchCRM/CRM/security/advisories/GHSA-h3vq-9gr6-h9r4 https://access.redhat.com/security/cve/cve-2025-67877
Patch
https://github.com/ChurchCRM/CRM/releases
Share on: