Description

ChurchCRM is an open-source church management system. Versions prior to 6.5.3 may disclose database information in an error message, including the host, IP, username, and password. Version 6.5.3 fixes the issue.

PUBLISHED Reserved 2025-12-15 | Published 2025-12-17 | Updated 2025-12-18 | Assigner GitHub_M




CRITICAL: 10.0 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE-209: Generation of Error Message Containing Sensitive Information

Product status

< 6.5.3: affected

References

github.com/...RM/CRM/security/advisories/GHSA-82mq-xc2j-3qv2 exploit

github.com/...RM/CRM/security/advisories/GHSA-82mq-xc2j-3qv2

cve.org (CVE-2025-68110)

nvd.nist.gov (CVE-2025-68110)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.