Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ChurchCRM's Kiosk Manager Functions are vulnerable to Broken Access Control
Vulnerability Description
ChurchCRM is an open-source church management system. Prior to version 6.5.3, the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk functions in the Kiosk Manager feature suffers from broken access control, allowing any authenticated user to allow and accept kiosk registrations, and perform other Kiosk Manager actions such as reload and identify. Version 6.5.3 fixes the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Vulnerability Type
访问控制不恰当
Vulnerability Title
ChurchCRM 访问控制错误漏洞
Vulnerability Description
ChurchCRM是ChurchCRM开源的一个为教会打造的开源 CRM 系统。 ChurchCRM 6.5.3之前版本存在访问控制错误漏洞,该漏洞源于Kiosk Manager功能存在访问控制缺陷,可能导致任何经过身份验证的用户执行Kiosk Manager操作。
CVSS Information
N/A
Vulnerability Type
N/A