CVE-2025-66397 ChurchCRM's Kiosk Manager Functions are vulnerable to Broken Access Control

ChurchCRM is an open-source church management system. Prior to version 6.5.3, the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk functions in the Kiosk Manager feature suffers from broken access control, allowing any authenticated user to allow and accept kiosk registrations, and...

EUVD-2025-203928

ChurchCRM is an open-source church management system. Prior to version 6.5.3, the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk functions in the Kiosk Manager feature suffers from broken access control, allowing any authenticated user to allow and accept kiosk registrations, and...

ChurchCRM 访问控制错误漏洞

ChurchCRM is an open source church management system. ChurchCRM suffers from an access control error vulnerability that stems from an access control flaw in the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk functions of the Kiosk Manager function, which can be exploited by an...

PT-2025-51870

Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 6.5.3 Description ChurchCRM, an open-source church management system, has an issue with access control in the Kiosk Manager feature. Specifically, the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk...