CSRF Vulnerability in ChurchCRM v4.5.3 Allows Unauthorized Password Changes
CVE-2023-26841 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to change any user's password except for the user that is currently logged in.
Learn more about our Crm Penetration Testing.