2 matches found
CVE-2025-66397
ChurchCRM’s CVE-2025-66397 describes an access-control flaw in the Kiosk Manager: prior to version 6.5.3, any authenticated user could perform actions such as allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk. Affected software is ChurchCRM, specifically the Kiosk Manager functions. ...
CVE-2025-66397 ChurchCRM's Kiosk Manager Functions are vulnerable to Broken Access Control
ChurchCRM is an open-source church management system. Prior to version 6.5.3, the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk functions in the Kiosk Manager feature suffers from broken access control, allowing any authenticated user to allow and accept kiosk registrations, and...