CVE-2025-3954

Medium CVSS: 6.3

A vulnerability, which was classified as problematic, has been found in ChurchCRM 5.16.0. Affected by this issue is some unknown functionality of the component Referer Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Churchcrm

Product

Churchcrm

CWE

CWE-918

Yayın Tarihi

2025-04-26 22:15:16

Güncelleme

2025-05-29 15:48:06

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-918 Churchcrm MEDIUM Churchcrm 2025

Referanslar

https://everydaysparkling.com/ssrf-via-referrer-field-in-churchcrm-v5-16-0/ https://vuldb.com/?ctiid.306290 https://vuldb.com/?id.306290 https://vuldb.com/?submit.555938 https://everydaysparkling.com/ssrf-via-referrer-field-in-churchcrm-v5-16-0/

Benzer Kayıtlar

Medium

CVE-2026-32880

ChurchCRM is an open-source church management system. Versions prior to 7.0.2 allow an admin user to edit JSON type syst…

Low

CVE-2026-26059

ChurchCRM is an open-source church management system. In versions prior to 6.8.2, it was possible for an authenticated u…

High

CVE-2026-24854

ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in endpoint `/PaddleNumEditor…

High

CVE-2026-24855

ChurchCRM is an open-source church management system. Versions prior to 6.7.2 have a Stored Cross-Site Scripting (XSS) v…

Low

CVE-2025-68399

ChurchCRM is an open-source church management system. In versions prior to 6.5.4, there is a Stored Cross-Site Scripting…

Critical

CVE-2025-68400

ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in the legacy endpoint `/Repo…