Churchcrm · Churchcrm · CVE-2025-66397
**Name of the Vulnerable Software and Affected Versions**
ChurchCRM versions prior to 6.5.3
**Description**
ChurchCRM, an open-source church management system, has an access control issue in its Kiosk Manager feature. Specifically, the `allowRegistration`, `acceptKiosk`, `reloadKiosk`, and `identifyKiosk` functions are affected: any authenticated user can perform actions such as allowing and accepting kiosk registrations, and reloading and identifying kiosks.
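The shape of the weakness described above, as an added illustration that is not ChurchCRM's own code: a minimal, framework-free PHP sketch in which the four kiosk actions are first dispatched behind only an "is there a logged-in user?" test (the vulnerable form), and then behind a separate administrator-role gate (the hardened form). The class, method and role names here (`User::isAdmin()`, `KioskManager`, `requireAdmin`, the two `dispatch*` functions) are assumptions chosen for the example, not identifiers from the project; the accounts and the run at the bottom are constructed.

```php
<?php
declare(strict_types=1);

// Added example, not ChurchCRM code. Every class and method name below is an
// assumption made for illustration.

final class User
{
    public function __construct(
        public readonly string $name,
        public readonly bool $admin,
    ) {}

    public function isAdmin(): bool
    {
        return $this->admin;
    }
}

// The privileged actions named in the advisory. Each one only records that it
// ran; real handlers would change kiosk state.
final class KioskManager
{
    public const ACTIONS = ['allowRegistration', 'acceptKiosk', 'reloadKiosk', 'identifyKiosk'];

    /** @var string[] */
    public array $log = [];

    public function allowRegistration(): void { $this->log[] = 'allowRegistration'; }
    public function acceptKiosk(): void       { $this->log[] = 'acceptKiosk'; }
    public function reloadKiosk(): void       { $this->log[] = 'reloadKiosk'; }
    public function identifyKiosk(): void     { $this->log[] = 'identifyKiosk'; }
}

// Only names from the allow-list may be dispatched dynamically.
function assertKnownAction(string $action): void
{
    if (!in_array($action, KioskManager::ACTIONS, true)) {
        throw new InvalidArgumentException("unknown action: $action");
    }
}

// Vulnerable shape: the only gate is "is there a session user at all?".
// Any authenticated account, whatever its role, reaches the handler.
function dispatchVulnerable(?User $user, KioskManager $mgr, string $action): string
{
    assertKnownAction($action);
    if ($user === null) {
        return '401 not authenticated';
    }
    $mgr->$action();
    return "200 $action ran for {$user->name}";
}

// Hardened shape: authentication and authorization are distinct checks, and
// the role test lives in one gate that every privileged route passes through
// instead of being re-implemented (or forgotten) per handler.
function requireAdmin(?User $user): ?string
{
    if ($user === null) {
        return '401 not authenticated';
    }
    if (!$user->isAdmin()) {
        return '403 administrator role required';
    }
    return null; // allowed
}

function dispatchHardened(?User $user, KioskManager $mgr, string $action): string
{
    assertKnownAction($action);
    $denied = requireAdmin($user);
    if ($denied !== null) {
        return $denied;
    }
    $mgr->$action();
    return "200 $action ran for {$user->name}";
}

// Constructed sample accounts: one ordinary member, one administrator.
$member = new User('member', admin: false);
$admin  = new User('admin',  admin: true);

foreach ([['vulnerable', 'dispatchVulnerable'], ['hardened', 'dispatchHardened']] as [$label, $fn]) {
    foreach ([$member, $admin] as $user) {
        $mgr = new KioskManager();
        foreach (KioskManager::ACTIONS as $action) {
            echo str_pad($label, 11), str_pad($user->name, 7), $fn($user, $mgr, $action), PHP_EOL;
        }
    }
}
```

Running the script with `php` prints one line per dispatcher, account and action: the vulnerable dispatcher returns `200` for the non-admin member on all four actions, while the hardened one returns `403 administrator role required` for the member and `200` only for the administrator. The same pattern, a single authorization gate applied to the whole group of privileged routes, is what a reviewer should look for when checking a fix; and logging the acting account together with its role on each of these actions gives a defender a straightforward way to spot non-administrator use on an unpatched instance.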
**Recommendations**
Update to version 6.5.3 or later.