Submit #671101: ChurchCRM <= 5.18.0 Path Traversal

Title: ChurchCRM <= 5.18.0 Path Traversal
Description: Path traversal vulnerability in backup restore functionality allows authenticated administrators to upload arbitrary files and achieve remote code execution by overwriting Apache .htaccess configuration files and uploading PHP webshells.
Source: https://github.com/uartu0/advisories/blob/main/churchcrm-path-traversal-rce-2025.md
User: uartu0 (UID 90021)
Submission: 10/08/2025 05:13 (6 months ago)
Moderation: 10/18/2025 14:54 (10 days later)
Status: Accepted
VulDB entry: 329015 [ChurchCRM up to 5.18.0 Backup Restore RestoreJob.php restoreFile path traversal]
Points: 16
