2 matches found
EUVD-2025-203990
ChurchCRM is an open-source church management system. In versions prior to 6.5.3, the Database Restore functionality does not validate the content or file extension of uploaded files. As a result, an attacker can upload a web shell file and subsequently upload a .htaccess file to enable direct...
CVE-2025-67726
Tornado (Python) vulnerability CVE-2025-67726 affects versions 6.5.2 and earlier, due to an inefficient _parseparam-based parsing of HTTP header parameters (e.g., Content-Disposition). The implementation repeatedly calls string.count() inside a nested loop while handling quoted semicolons, causin...