EUVD-2026-19771
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
3Tags
Description
ChurchCRM is an open-source church management system. Prior to 6.5.3, a path traversal vulnerability in ChurchCRM's backup restore functionality allows authenticated administrators to upload arbitrary files and achieve remote code execution by overwriting Apache .htaccess configuration files. The vulnerability exists in src/ChurchCRM/Backup/RestoreJob.php. The $rawUploadedFile['name'] parameter is user-controlled and allows uploading files with arbitrary names to /var/www/html/tmp_attach/ChurchCRMBackups/. This vulnerability is fixed in 6.5.3.
Analysis
Remote code execution in ChurchCRM versions prior to 6.5.3 allows authenticated administrators to upload malicious files via path traversal in the backup restore functionality, overwriting Apache .htaccess files to execute arbitrary code. The vulnerability exploits unsanitized user input in RestoreJob.php, enabling attackers with high-privilege access to bypass intended upload restrictions. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all ChurchCRM deployments and document current versions via application settings or file inspection. Within 7 days: Upgrade all instances to ChurchCRM 6.5.3 or later if available; if unavailable, restrict backup/restore functionality to trusted administrators only and disable file uploads temporarily. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today