CVE-2025-68109
9.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
ChurchCRM is an open-source church management system. In versions prior to 6.5.3, the Database Restore functionality does not validate the content or file extension of uploaded files. As a result, an attacker can upload a web shell file and subsequently upload a .htaccess file to enable direct access to it. Once accessed, the uploaded web shell allows remote code execution (RCE) on the server. Version 6.5.3 fixes the issue.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ChurchCRM | CRM | < 6.5.3 | affected |
Weaknesses
- CWE-78: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
- CWE-434: CWE-434: Unrestricted Upload of File with Dangerous Type
- CWE-494: CWE-494: Download of Code Without Integrity Check
- CWE-552: CWE-552: Files or Directories Accessible to External Parties
- CWE-915: CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.