Описание
ChurchCRM is an open-source church management system. Prior to version 6.5.0, the application echoes back plaintext passwords submitted by users in subsequent HTTP responses. This information disclosure significantly increases the risk of credential compromise and may amplify the impact of other vulnerabilities (e.g., XSS, IDOR, session fixation), enabling attackers to harvest other users’ passwords. Version 6.5.0 fixes the issue.
Уязвимые конфигурации
Конфигурация 1Версия до 6.5.0 (исключая)
cpe:2.3:a:churchcrm:churchcrm:*:*:*:*:*:*:*:*
EPSS
Процентиль: 9%
0.00033
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-204
EPSS
Процентиль: 9%
0.00033
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-204