40 matches found
CVE-2026-40484
ChurchCRM prior to version 7.2.0 is affected by an authenticated remote code execution in the database backup restore feature. The restore operation extracts uploaded archives and copies files from Images/ into the web root using recursiveCopyDirectory(), without file extension filtering, allowin...
CVE-2026-40484 ChurchCRM: Authenticated Remote Code Execution via Unrestricted PHP File Write in Database Restore Function
ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the database backup restore functionality extracts uploaded archive contents and copies files from the Images/ directory into the web-accessible document root using recursiveCopyDirectory, which performs no file...
ChurchCRM Database Restore RCE 6.2.0
This module exploits a Remote Code Execution RCE vulnerability in ChurchCRM versions prior to 6.2.0. The vulnerability resides in the Database Restore functionality, which allows an authenticated user with administrative privileges to upload a malicious backup file. By bypassing upload restrictio...
📄 ChurchCRM Database Restore Remote Code Execution
This Metasploit module exploits a remote code execution vulnerability in ChurchCRM versions prior to 6.2.0. The vulnerability resides in the Database Restore functionality, which allows an authenticated user with administrative privileges to upload a malicious backup file. By bypassing upload...
GO-2026-4873 Ella Core has Privilege Escalation via Database Restore by NetworkManager role in github.com/ellanetworks/core
Ella Core has Privilege Escalation via Database Restore by NetworkManager role in github.com/ellanetworks/core...
PT-2026-29928
Ella Core has Privilege Escalation via Database Restore by NetworkManager role in github.com/ellanetworks/core...
CVE-2026-33906
CVE-2026-33906 concerns Ella Core, a 5G core for private networks. Prior to version 1.7.0, the NetworkManager role had backup/restore permissions, and the restore endpoint accepted any valid SQLite file without validating contents. An attacker with NetworkManager privileges could replace the prod...
CVE-2026-33906 Ella Core has Privilege Escalation via Database Restore by NetworkManager role
Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, the NetworkManager role was granted backup and restore permission. The restore endpoint accepted any valid SQLite file without verifying its contents. A NetworkManager could replace the production database with a tamper...
Ella Core has Privilege Escalation via Database Restore by NetworkManager role
Summary The NetworkManager role was granted backup and restore permission. The restore endpoint accepted any valid SQLite file without verifying its contents. Impact A NetworkManager could replace the production database with a tampered copy to escalate to Admin, gaining access to user management...
GHSA-87J9-M7X6-HVW2 Ella Core has Privilege Escalation via Database Restore by NetworkManager role
Summary The NetworkManager role was granted backup and restore permission. The restore endpoint accepted any valid SQLite file without verifying its contents. Impact A NetworkManager could replace the production database with a tampered copy to escalate to Admin, gaining access to user management...
CVE-2026-28409
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, a critical Remote Code Execution RCE vulnerability exists in the WeGIA application's database restoration functionality. An attacker with administrative access which can be obtained via the previously reported...
CVE-2026-28409 WeGIA Vulnerable to Remote Code Execution (RCE) via OS Command Injection
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, a critical Remote Code Execution RCE vulnerability exists in the WeGIA application's database restoration functionality. An attacker with administrative access which can be obtained via the previously reported...
PT-2026-22412
Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.6.5 Description WeGIA is a web manager for charitable institutions. A critical Remote Code Execution RCE issue exists in the application’s database restoration functionality. An attacker with administrative access can...
ChurchCRM Code Execution Vulnerability (CNVD-2026-0535893)
ChurchCRM is an open source church management system. ChurchCRM suffers from a code execution vulnerability that stems from the database restore feature not validating the content or extension of uploaded files, which can be exploited by an attacker to cause remote code execution...
CVE-2025-68109
ChurchCRM is an open-source church management system. In versions prior to 6.5.3, the Database Restore functionality does not validate the content or file extension of uploaded files. As a result, an attacker can upload a web shell file and subsequently upload a .htaccess file to enable direct...
CVE-2025-68109 ChurchCRM vulnerable to RCE with database restore functionality
ChurchCRM is an open-source church management system. In versions prior to 6.5.3, the Database Restore functionality does not validate the content or file extension of uploaded files. As a result, an attacker can upload a web shell file and subsequently upload a .htaccess file to enable direct...
CVE-2025-68109
ChurchCRM (open-source CRM) is affected in versions prior to 6.5.3. The vulnerability arises in the Database Restore feature, which does not validate the content or file extension of uploaded files, enabling an attacker to upload a web shell and then an .htaccess file to gain direct access. This ...
CVE-2025-68109 ChurchCRM vulnerable to RCE with database restore functionality
ChurchCRM is an open-source church management system. In versions prior to 6.5.3, the Database Restore functionality does not validate the content or file extension of uploaded files. As a result, an attacker can upload a web shell file and subsequently upload a .htaccess file to enable direct...
CVE-2025-68109 ChurchCRM vulnerable to RCE with database restore functionality
ChurchCRM is an open-source church management system. In versions prior to 6.5.3, the Database Restore functionality does not validate the content or file extension of uploaded files. As a result, an attacker can upload a web shell file and subsequently upload a .htaccess file to enable direct...
PT-2025-51927
Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 6.5.3 Description ChurchCRM is an open-source church management system. The Database Restore functionality does not validate the content or file extension of uploaded files. This allows an attacker to upload a web...