
6 matches found

RedhatCVE
added 2025/10/10 3:23 a.m. | 4 views

CVE-2025-11529

A security flaw has been discovered in ChurchCRM up to 5.18.0. This impacts the function AuthMiddleware of the file src/ChurchCRM/Slim/Middleware/AuthMiddleware.php of the component API Endpoint. The manipulation results in missing authentication. The attack can be executed remotely. The exploit...

9.8 CVSS | 6.9 AI score | 0.00162 EPSS
Exploits: 1 | References: 1
OSV
added 2025/10/09 3:15 a.m. | 1 views

CVE-2025-11529

A security flaw has been discovered in ChurchCRM up to 5.18.0. This impacts the function AuthMiddleware of the file src/ChurchCRM/Slim/Middleware/AuthMiddleware.php of the component API Endpoint. The manipulation results in missing authentication. The attack can be executed remotely. The exploit...

9.8 CVSS | 6.8 AI score
Exploits: 0 | References: 6
ATTACKERKB
added 2025/10/09 3:2 a.m. | 0 views

CVE-2025-11529

A security flaw has been discovered in ChurchCRM up to 5.18.0. This impacts the function AuthMiddleware of the file src/ChurchCRM/Slim/Middleware/AuthMiddleware.php of the component API Endpoint. The manipulation results in missing authentication. The attack can be executed remotely. The exploit...

9.8 CVSS | 5 AI score | 0.00162 EPSS
Exploits: 1 | References: 6
EUVD
added 2025/10/09 3:2 a.m. | 1 views

EUVD-2025-33260

A security flaw has been discovered in ChurchCRM up to 5.18.0. This impacts the function AuthMiddleware of the file src/ChurchCRM/Slim/Middleware/AuthMiddleware.php of the component API Endpoint. The manipulation results in missing authentication. The attack can be executed remotely. The exploit...

7.5 CVSS | 6.3 AI score | 0.00162 EPSS
Exploits: 1 | References: 7
CVE
added 2025/10/09 3:2 a.m. | 10 views

CVE-2025-11529

This CVE affects ChurchCRM up to version 5.18.0 in the API Endpoint’s AuthMiddleware (src/ChurchCRM/Slim/Middleware/AuthMiddleware.php). The vulnerability is an authentication bypass: the AuthMiddleware function allows missing authentication, enabling remote exploitation. Public exploits exist, a...

9.8 CVSS | 6.9 AI score | 0.00162 EPSS
Exploits: 1 | References: 6 | Affected Software: 1
CNNVD
added 2025/10/09 12:0 a.m. | 1 views

ChurchCRM Security Vulnerability

ChurchCRM is an open source CRM system for churches. ChurchCRM 5.18.0 and earlier versions have an authentication error vulnerability that stems from a lack of authentication in the AuthMiddleware function in the API Endpoint component, which can be exploited by an attacker ...

9.8 CVSS | 6.9 AI score | 0.00162 EPSS
Exploits: 1 | References: 6