9 matches found
ChurchCRM Access Control Error Vulnerability
ChurchCRM is an open source church management system. ChurchCRM suffers from an access control error vulnerability that stems from an access control flaw in the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk functions of the Kiosk Manager function, which can be exploited by an...
CVE-2025-66397
ChurchCRM is an open-source church management system. Prior to version 6.5.3, the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk functions in the Kiosk Manager feature suffers from broken access control, allowing any authenticated user to allow and accept kiosk registrations, and...
CVE-2025-66397
ChurchCRM is an open-source church management system. Prior to version 6.5.3, the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk functions in the Kiosk Manager feature suffers from broken access control, allowing any authenticated user to allow and accept kiosk registrations, and...
CVE-2025-66397 ChurchCRM's Kiosk Manager Functions are vulnerable to Broken Access Control
ChurchCRM is an open-source church management system. Prior to version 6.5.3, the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk functions in the Kiosk Manager feature suffers from broken access control, allowing any authenticated user to allow and accept kiosk registrations, and...
CVE-2025-66397
ChurchCRM’s CVE-2025-66397 describes an access-control flaw in the Kiosk Manager: prior to version 6.5.3, any authenticated user could perform actions such as allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk. Affected software is ChurchCRM, specifically the Kiosk Manager functions. ...
CVE-2025-66397 ChurchCRM's Kiosk Manager Functions are vulnerable to Broken Access Control
ChurchCRM is an open-source church management system. Prior to version 6.5.3, the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk functions in the Kiosk Manager feature suffers from broken access control, allowing any authenticated user to allow and accept kiosk registrations, and...
EUVD-2025-203928
ChurchCRM is an open-source church management system. Prior to version 6.5.3, the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk functions in the Kiosk Manager feature suffers from broken access control, allowing any authenticated user to allow and accept kiosk registrations, and...
CVE-2025-66397 ChurchCRM's Kiosk Manager Functions are vulnerable to Broken Access Control
ChurchCRM is an open-source church management system. Prior to version 6.5.3, the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk functions in the Kiosk Manager feature suffers from broken access control, allowing any authenticated user to allow and accept kiosk registrations, and...
PT-2025-51870
Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 6.5.3 Description ChurchCRM, an open-source church management system, has an issue with access control in the Kiosk Manager feature. Specifically, the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk...