CNNVD-202512-3249 Information
Dec 17, 2025
CNNVD ID
CNNVD-202512-3249
Related CVE
- CNNVD Published: 2025-12-17
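Description (translated from Chinese)
ChurchCRM is an open-source CRM system built for churches, developed by the ChurchCRM project. Versions of ChurchCRM before 5.21.0 contain a code injection vulnerability. It arises because user input in the installation wizard is written directly to the configuration file without validation, which may lead to remote code execution.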
Description (English)
ChurchCRM is an open-source CRM system for churches, maintained by the ChurchCRM project. ChurchCRM versions prior to 5.21.0 have a code injection vulnerability: the installation wizard writes unvalidated user input directly into the configuration file, which could lead to remote code execution.
Hazard Level
Low
Vulnerability Type
Code injection
Affected Vendor
ChurchCRM
Published
2025-12-17
Last Modified
2026-02-24
References
https://github.com/ChurchCRM/CRM/security/advisories/GHSA-m8jq-j3p9-2xf3
Patch
https://github.com/ChurchCRM/CRM/releases