ChurchCRM is an open source CRM system for churches. ChurchCRM v4.5.3 suffers from a CSV injection vulnerability: the last name and first name input fields used when creating a new account do not properly neutralize formula elements, which an attacker can exploit to execute arbitrary code via a crafted Excel file.
CPE | Name | Operator | Version |
---|---|---|---|
churchcrm churchcrm v | eq | 4.5.3 |
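
The missing control is neutralization of formula elements before name fields are written to a CSV export. The Python sketch below is an added example and not ChurchCRM's own code (ChurchCRM is written in PHP). The function names and sample records are hypothetical, and it assumes the common mitigation of prefixing risky cells with an apostrophe and quoting every field.

```python
import csv
import io

# Characters that spreadsheet applications treat as the start of a formula.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value):
    """Return value as text that a spreadsheet will display instead of evaluate."""
    text = "" if value is None else str(value)
    # Some importers skip leading spaces, so test the cell with them removed.
    # Trade-off: a legitimate value such as "-5" is also prefixed, which is
    # acceptable for free-text fields like names.
    if text.lstrip(" ").startswith(FORMULA_TRIGGERS):
        return "'" + text
    return text


def export_people_csv(people):
    """Write (last_name, first_name) rows as CSV text with every cell neutralized."""
    buf = io.StringIO()
    # QUOTE_ALL keeps commas and quotes inside a value from starting a new cell.
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(["Last Name", "First Name"])
    for last_name, first_name in people:
        writer.writerow([neutralize_cell(last_name), neutralize_cell(first_name)])
    return buf.getvalue()


# Constructed sample records; the formulas used here are harmless.
SAMPLE_PEOPLE = [
    ("Smith", "Anna"),
    ("=SUM(1,1)", "@Bob"),
    ("O'Neil", "  +Carla"),
]

if __name__ == "__main__":
    print(export_people_csv(SAMPLE_PEOPLE), end="")
```

Neutralizing at export time also covers records that were stored before any input validation was introduced.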