ChurchCRM is an open-source church management system. Prior to 6.5.3, a path traversal vulnerability in ChurchCRM's backup restore functionality allows authenti…

ChurchCRM, an open-source church management system, contains a path traversal vulnerability in versions prior to 6.5.3. The vulnerability exists in the backup restore functionality where authenticated administrators can exploit the $rawUploadedFile['name'] parameter in src/ChurchCRM/Backup/RestoreJob.php. This allows uploading arbitrary files with unrestricted names to /var/www/html/tmp_attach/ChurchCRMBackups/. Attackers can achieve remote code execution by overwriting Apache .htaccess configuration files. The vulnerability has been patched in version 6.5.3.