CNNVD-202512-3255 Information
Dec 17, 2025
cve
CNNVD ID
CNNVD-202512-3255
Related CVE
- CNNVD Published: 2025-12-17
Description (Chinese)
ChurchCRM是ChurchCRM开源的一个为教会打造的开源 CRM 系统。 ChurchCRM 6.5.3之前版本存在SQL注入漏洞,该漏洞源于src/UserEditor.php文件中type参数数组键清理或类型转换不足,可能导致SQL注入攻击。
Description (English)
ChurchCRM is an open-source CRM system for the Church, which is an open-source source of ChunchCRM. The previous version of ChurchCRM 6.5.3 had an SQL injection loophole, which originated from a lack of type-key clean-up or type conversion in src/UserEditor.php files, which could lead to an SQL injection attack.
Hazard Level
High
Vulnerability Type
SQL注入
Affected Vendor
ChurchCRM
Published
2025-12-17
Last Modified
2026-02-24
References
https://github.com/ChurchCRM/CRM/security/advisories/GHSA-whpp-wx64-4qp9
Patch
https://github.com/ChurchCRM/CRM/releases
Share on: