Uartu0

Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 6.5.3 Description ChurchCRM, an open-source church management system, contains a path traversal flaw in its backup restore functionality. Authenticated administrators can exploit this to upload arbitrary files and potentially achieve remote code execution by overwriting Apache .htaccess configuration files. The vulnerability resides in the `RestoreJob.php` file within the `src/ChurchCRM/Backup/RestoreJob.php` path. The `$rawUploadedFile['name']` parameter is user-controlled, enabling the upload of files with arbitrary names to the `/var/www/html/tmp attach/ChurchCRMBackups/` directory. Recommendations Update ChurchCRM to version 6.5.3 or later.

Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 6.5.3 Description ChurchCRM, an open-source church management system, contains a stored Cross-Site Scripting (XSS) flaw in the Note Editor. Authenticated users with note-adding permissions can execute arbitrary JavaScript code in the context of other users’ browsers, including administrators. This could lead to session hijacking, privilege escalation, and unauthorized access to sensitive church member data. Recommendations Update to version 6.5.3 or later.

Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 7.1.0 Description ChurchCRM, an open-source church management system, has a critical pre-authentication remote code execution issue in its setup wizard. Unauthenticated attackers can inject arbitrary PHP code during the initial installation process, potentially leading to complete server compromise. The issue stems from an incomplete fix for a previous issue and is related to unsanitized input in the `$dbPassword` variable. Recommendations Update to version 7.1.0.

Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 7.1.0 Description ChurchCRM, an open-source church management system, contains a critical authentication bypass issue in its API middleware (ChurchCRM/Slim/Middleware/AuthMiddleware.php). Attackers can bypass authentication and access all protected API endpoints by including "api/public" in the request URL. This allows complete exposure of church member data and system information. Recommendations Update to version 7.1.0.

**Name of the Vulnerable Software and Affected Versions** ChurchCRM versions prior to 6.5.3 **Description** ChurchCRM is an open-source church management system. A SQL injection flaw exists in the Event Attendee Editor. This allows authenticated users to execute arbitrary SQL commands, potentially leading to complete database compromise, administrative credential theft, and system takeover. Attackers could extract sensitive member data, authentication credentials, and financial information. The vulnerable component is the Event Attendee Editor. SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution. **Recommendations** Upgrade to version 6.5.3 to address this issue.

**Name of the Vulnerable Software and Affected Versions** ChurchCRM versions prior to 5.21.0 **Description** ChurchCRM is an open-source church management system. Prior to version 5.21.0, a pre-authentication remote code execution issue exists in the setup wizard. Unauthenticated attackers can inject arbitrary PHP code during the initial installation process, potentially leading to complete server compromise. The issue is located in `setup/routes/setup.php`, where user input from the setup form is directly concatenated into a PHP configuration template without validation or sanitization. Any parameter in the setup form can be used to inject PHP code that is written to `Include/Config.php` and subsequently executed on every page load. The vulnerability is more severe than typical authenticated remote code execution issues because it requires no credentials and affects the installation process. **Recommendations** Versions prior to 5.21.0 should be updated to version 5.21.0 or later.

**Name of the Vulnerable Software and Affected Versions** ChurchCRM versions prior to 5.18.0 **Description** A path traversal issue exists in ChurchCRM due to improper handling of the `restoreFile` argument within the Backup Restore Handler component, specifically in the file src/ChurchCRM/Backup/RestoreJob.php. This allows for remote exploitation through manipulation of this argument. The vulnerability has been publicly disclosed. **Recommendations** Update ChurchCRM to version 5.18.0 or later.

**Name of the Vulnerable Software and Affected Versions** ChurchCRM versions prior to 5.18.0 **Description** A remote attacker can exploit a deserialization flaw in the `setup.php` file. Manipulation of the `DB PASSWORD`, `ROOT PATH`, or `URL` arguments can trigger the issue. The complexity of the attack is high, and exploitability is difficult. The exploit has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ChurchCRM versions prior to 5.18.0 **Description** A security flaw exists in ChurchCRM impacting the `AuthMiddleware` function within the `src/ChurchCRM/Slim/Middleware/AuthMiddleware.php` file of the API Endpoint component. This allows for missing authentication and can be exploited remotely. The exploit has been publicly released. **Recommendations** Apply the patch identified as 3a1cffd2aea63d884025949cfbcfd274d06216a4.