[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-35573":6},{"stargazers_count":4,"fetched_at":5},5,"2026-04-07T21:11:43.830Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":51,"aliases":52,"duplicate_of":9,"upstream":53,"downstream":54,"duplicates":55,"related":56,"reserved_at":9,"published_at":57,"modified_at":57,"state":58,"summary":59,"references_raw":66,"kevs":72,"epss":9,"epss_history":73,"metrics":74,"affected":80},"CVE-2026-35573","ChurchCRM is an open-source church management system. Prior to 6.5.3, a path traversal vulnerability in ChurchCRM's backup restore functionality allows authenticated administrators to upload arbitrary files and achieve remote code execution by overwriting Apache .htaccess configuration files. The vulnerability exists in src/ChurchCRM/Backup/RestoreJob.php. The $rawUploadedFile['name'] parameter is user-controlled and allows uploading files with arbitrary names to /var/www/html/tmp_attach/ChurchCRMBackups/. This vulnerability is fixed in 6.5.3.",null,[11,40],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-22","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-126","Path Traversal",[],{"id":25,"name":26,"techniques":27},"CAPEC-64","Using Slashes and URL Encoding Combined to Bypass Validation Logic",[],{"id":29,"name":30,"techniques":31},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":33,"name":34,"techniques":35},"CAPEC-78","Using Escaped Slashes in Alternate Encoding",[],{"id":37,"name":38,"techniques":39},"CAPEC-79","Using Slashes in Alternate Encoding",[],{"_key":41,"id":41,"name":42,"description":43,"type":15,"status":44,"abstraction":17,"likelihood_of_exploit":45,"capec":46},"CWE-434","Unrestricted Upload of File with Dangerous Type","The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.","Draft","Medium",[47],{"id":48,"name":49,"techniques":50},"CAPEC-1","Accessing Functionality Not Properly Constrained by ACLs",[],[],[],[],[],[],[],"2026-04-07T17:06:07.161Z","PUBLISHED",{"cisa_kev":60,"cisa_ransomware":60,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":61,"severity_score":62,"severity_version":63,"severity_source":64,"severity_vector":65,"severity_status":58},false,"critical",9.1,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",[67],{"url":68,"sources":69,"tags":70},"https://github.com/ChurchCRM/CRM/security/advisories/GHSA-r6cr-mvr9-f6wx",[64],[71],"X Refsource CONFIRM",[],[],[75],{"source":64,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":76,"cvss_v4_0":9},{"baseScore":62,"baseSeverity":77,"vectorString":65,"impactScore":78,"exploitabilityScore":79},"CRITICAL",10,5.9,[81],{"ecosystem":9,"name":82,"vendor":83,"product":84,"cpe_part":85,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":86},"CRM","churchcrm","crm","a",[87],{"version":88,"is_range":89,"range_type":64,"version_start":9,"version_start_type":9,"version_end":90,"version_end_type":91,"fixed_in":9},"\u003C 6.5.3",true,"6.5.3","excluding"]