CNNVD-202512-3179 Information

CNNVD ID

CNNVD-202512-3179

Related CVE

CVE-2025-68109

• CNNVD Published: 2025-12-17

Description (Chinese)

ChurchCRM是ChurchCRM开源的一个为教会打造的开源 CRM 系统。 ChurchCRM 6.5.3之前版本存在安全漏洞，该漏洞源于数据库还原功能未验证上传文件的内容或扩展名，可能导致远程代码执行。

Description (English)

ChurchCRM is an open-source CRM system for the Church, which is an open-source source of ChunchCRM. The previous version of ChurchCRM 6.5.3 had a security gap, which stemmed from the fact that the database restoration function did not verify the content or extension of the upload file, which could lead to remote code execution.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

ChurchCRM

Published

2025-12-17

Last Modified

2026-02-24

References

https://github.com/ChurchCRM/CRM/security/advisories/GHSA-pqm7-g8px-9r77 https://access.redhat.com/security/cve/cve-2025-68109

Patch

https://github.com/ChurchCRM/CRM/releases