Lucene search
HistoryApr 25, 2023 - 1:15 p.m.
CVE-2023-25348
churchcrm
4.5.3
csv injection
code execution
excel file
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
25.9%
ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file.
Affected configurations
Node
churchcrmchurchcrmMatch4.5.3
| CPE | Name | Operator | Version |
|---|---|---|---|
| churchcrm:churchcrm | churchcrm | eq | 4.5.3 |
Related
osv
osv
CVE-2023-25348
2023-04-25 13:15:09
nvd
nvd
CVE-2023-25348
2023-04-25 13:15:09
prion
prion
Design/Logic Flaw
2023-04-25 13:15:00
cvelist
cvelist
CVE-2023-25348
2023-04-25 00:00:00
cnvd
cnvd
ChurchCRM CSV Injection Vulnerability
2023-04-28 00:00:00
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
25.9%
Related for CVE-2023-25348