2 matches found
CVE-2025-11939 ChurchCRM Backup Restore RestoreJob.php path traversal
A vulnerability was determined in ChurchCRM up to 5.18.0. This issue affects some unknown processing of the file src/ChurchCRM/Backup/RestoreJob.php of the component Backup Restore Handler. Executing a manipulation of the argument restoreFile can lead to path traversal. The attack may be launched...
ChurchCRM Path Traversal Vulnerability
ChurchCRM is an open source CRM system for churches. ChurchCRM 5.18.0 and earlier versions contain a path traversal vulnerability. The vulnerability stems from the restoreFile parameter in the file src/ChurchCRM/Backup/RestoreJob.php failing to correctly filter special elements in resource or file paths,...