This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login.
Q1. What is this vulnerability? (Essence + Consequences)
**Essence**: A code injection flaw in ChurchCRM's installation wizard. **Consequences**: The `$dbPassword` variable is not sanitized, leading to **pre-authentication Remote Code Execution (RCE)**.…
**Root Cause**: **CWE-94** (Code Injection). **Flaw**: The installation wizard fails to sanitize the `$dbPassword` input variable before it is used in executed code.…
**Vendor**: ChurchCRM. **Product**: CRM System. **Affected Versions**: All versions **prior to 7.1.0**. If you are running v7.0.x or earlier, you are vulnerable.
Q4. What can hackers do? (Privileges/Data)
**Privileges**: **Pre-authentication** access. No login needed. **Data**: Full **Remote Code Execution**. Attackers can execute system commands, install backdoors, and take over the entire server infrastructure.
Q5. Is the exploitation threshold high? (Auth/Config)
**Threshold**: **Extremely low**. **Auth**: **None required** (pre-auth). **Network**: Remote (AV:N). **Complexity**: Low (AC:L). This is a critical, easy-to-exploit flaw.
Q6. Is there a public exploit? (PoC/Wild Exploitation)
**Public exploit?**: **Yes**. A GitHub Security Advisory (GHSA-pm2v-ggh4-mp7p) has been published. While no specific PoC code is listed in the snippet, the advisory confirms the vulnerability is known and exploitable.
Q7. How to self-check? (Features/Scanning)
**Self-Check**: 1. Check your ChurchCRM version. 2. Look for the **installation wizard** endpoint. 3. Scan for unhandled `$dbPassword` parameters in POST requests during setup. 4.…
**Fix**: **Yes**. Upgrade to **ChurchCRM 7.1.0** or later. The vendor has acknowledged the issue via a GitHub Security Advisory and released a patch that sanitizes the input.
Q9. What if no patch? (Workaround)
**Workaround**: If patching is impossible: 1. **Block** access to the installation wizard from the internet. 2. Ensure the installation wizard is **disabled** or removed in production. 3.…
**Urgency**: **CRITICAL**. **Priority**: **Immediate action required**. With **CVSS 9.8** (High) and **pre-auth RCE**, this is a top-priority vulnerability. Patch immediately to prevent total server compromise.