CSRF Vulnerability in ChurchCRM v4.5.3 Allows Unauthorized Password Changes

CVE-2023-26841 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to change any user's password except for the user that is currently logged in.
