CNNVD-202512-3252 Information

CNNVD ID

CNNVD-202512-3252

Related CVE

CVE-2025-66395

• CNNVD Published: 2025-12-17

Description (Chinese)

ChurchCRM是ChurchCRM开源的一个为教会打造的开源 CRM 系统。 ChurchCRM 6.5.3之前版本存在安全漏洞，该漏洞源于src/ListEvents.php文件中WhichType参数清理或类型转换不足，可能导致SQL注入攻击。

Description (English)

ChurchCRM is an open-source CRM system for the Church, which is an open-source source of ChunchCRM. A security loophole existed in the pre-ChurchCRM 6.5.3 version, which originated from the clean-up or inadequate typologie of WhichType parameters in src/ListEvents.php, which could lead to an SQL injection attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

ChurchCRM

Published

2025-12-17

Last Modified

2026-02-24

References

https://github.com/ChurchCRM/CRM/security/advisories/GHSA-c9xf-f3gr-xfwv https://access.redhat.com/security/cve/cve-2025-66395

Patch

https://github.com/ChurchCRM/CRM/releases