CNNVD-202512-3241 Information
Dec 17, 2025
CNNVD ID
CNNVD-202512-3241
Related CVE
- CNNVD Published: 2025-12-17
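Description (translated from Chinese)
ChurchCRM is an open-source CRM system built for churches, released as open source by ChurchCRM. Versions of ChurchCRM before 6.5.3 contain an access control error vulnerability. It stems from an access control flaw in the Kiosk Manager functionality and may allow any authenticated user to perform Kiosk Manager operations.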
Description (English)
ChurchCRM is an open-source CRM system for churches, developed by the ChurchCRM project. ChurchCRM versions before 6.5.3 have an access control vulnerability caused by an access control deficiency in the Kiosk Manager function, which could allow any authenticated user to perform Kiosk Manager operations.
Hazard Level
Medium
Vulnerability Type
Access control error
Affected Vendor
ChurchCRM
Published
2025-12-17
Last Modified
2026-02-24
References
https://github.com/ChurchCRM/CRM/security/advisories/GHSA-32vr-ch3p-wmr5
Patch
https://github.com/ChurchCRM/CRM/releases