Submission #671083: ChurchCRM <= 5.18.0 Remote Code Execution (RCE)

Title: ChurchCRM <= 5.18.0 Remote Code Execution (RCE)
Description: Critical pre-authentication remote code execution in the ChurchCRM setup wizard. Attackers can inject arbitrary PHP code via setup form parameters that are directly concatenated into executable configuration files without validation, achieving immediate server compromise during the mandatory installation process.
Source: ⚠️ https://github.com/uartu0/advisories/blob/main/churchcrm-setup-rce-2025.md
User: uartu0 (UID 90021)
Submitted: 2025-10-08 04:45 AM (6 months ago)
Moderation: 2025-10-18 02:54 PM (10 days later)
Status: Accepted
VulDB entry: 329014 [ChurchCRM up to 5.18.0 setup/routes/setup.php DB_PASSWORD/ROOT_PATH/URL privilege escalation]
Points: 17