CVE-2026-35573— ChurchCRM 代码问题漏洞

ChurchCRM has a Path traversal leads to RCE

ChurchCRM is an open-source church management system. Prior to 6.5.3, a path traversal vulnerability in ChurchCRM's backup restore functionality allows authenticated administrators to upload arbitrary files and achieve remote code execution by overwriting Apache .htaccess configuration files. The vulnerability exists in src/ChurchCRM/Backup/RestoreJob.php. The $rawUploadedFile['name'] parameter is user-controlled and allows uploading files with arbitrary names to /var/www/html/tmp_attach/ChurchCRMBackups/. This vulnerability is fixed in 6.5.3.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

对路径名的限制不恰当(路径遍历)

ChurchCRM 代码问题漏洞

ChurchCRM是ChurchCRM开源的一个为教会打造的开源 CRM 系统。 ChurchCRM 6.5.3之前版本存在代码问题漏洞，该漏洞源于备份还原功能中存在路径遍历，可能导致经过身份验证的管理员上传任意文件并通过覆盖Apache .htaccess配置文件实现远程代码执行。

N/A

N/A