CVE-2026-40484: CWE-269: Improper Privilege Management in ChurchCRM CRM
ChurchCRM versions prior to 7.2.0 contain a critical vulnerability in the database backup restore functionality. An authenticated administrator can upload a crafted backup archive with a PHP webshell in the Images/ directory, which is then copied to a web-accessible location without file extension filtering, enabling remote code execution. Additionally, the restore endpoint lacks CSRF token validation, allowing cross-site request forgery attacks against authenticated administrators. This vulnerability has been fixed in version 7.2.0.
AI Analysis
Technical Summary
In ChurchCRM versions before 7.2.0, the database backup restore feature uses a recursive copy function that does not filter file extensions when copying files from the Images/ directory to the web root. This allows an authenticated administrator to upload a malicious backup archive containing a PHP webshell, which becomes publicly accessible and executable via HTTP, resulting in remote code execution as the web server user. The restore endpoint also lacks CSRF protection, enabling attackers to exploit this vulnerability via cross-site request forgery targeting authenticated administrators. The issue is tracked as CVE-2026-40484 and has a CVSS 3.1 score of 9.1 (critical). The vulnerability is fixed in ChurchCRM version 7.2.0.
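The two controls the summary says are missing are an extension allowlist on the recursive copy and a CSRF token check on the restore endpoint. The following PHP is an added illustration of both, written for this page; it is not ChurchCRM's code and not the 7.2.0 patch. The function names, the extension list, the session key `csrf_token` and the use of PHP 8 with the fileinfo extension are assumptions.

```php
<?php
// Added illustration (not ChurchCRM code): restore-side hardening for a
// backup that ships an Images/ directory, plus a CSRF guard for the endpoint.
declare(strict_types=1);

// Assumed allowlist: only these extensions may land under the web root.
const ALLOWED_IMAGE_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'webp'];

/** True only if $name carries an allowlisted image extension (case-insensitive). */
function isAllowedImage(string $name): bool
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_IMAGE_EXTENSIONS, true);
}

/**
 * Defence in depth: the file's magic bytes must also identify an image.
 * The extension allowlist alone already stops the web server from executing
 * the file; this catches a payload that was merely renamed.
 */
function looksLikeImage(string $path): bool
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    return is_string($mime) && str_starts_with($mime, 'image/');
}

/**
 * Copy allowlisted images from the extracted backup's Images/ directory
 * ($srcDir) into the live Images/ directory ($dstDir). Anything else is
 * skipped and returned so the caller can log what the archive tried to bring in.
 */
function copyImagesFiltered(string $srcDir, string $dstDir): array
{
    $srcReal = realpath($srcDir);
    $dstReal = realpath($dstDir);
    if ($srcReal === false || $dstReal === false) {
        throw new RuntimeException('source or destination directory does not exist');
    }

    $rejected = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($srcReal, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::SELF_FIRST
    );

    foreach ($it as $entry) {
        /** @var SplFileInfo $entry */
        $relative = substr($entry->getPathname(), strlen($srcReal) + 1);
        $target   = $dstReal . DIRECTORY_SEPARATOR . $relative;

        // A symlink in the archive could point outside the extraction tree; never follow it.
        if ($entry->isLink()) {
            $rejected[] = $relative;
            continue;
        }
        if ($entry->isDir()) {
            if (!is_dir($target)) {
                mkdir($target, 0755, true);
            }
            continue;
        }
        if (!isAllowedImage($relative) || !looksLikeImage($entry->getPathname())) {
            $rejected[] = $relative;   // e.g. a .php file is dropped here, not copied
            continue;
        }
        copy($entry->getPathname(), $target);
    }
    return $rejected;
}

/**
 * CSRF guard for the restore endpoint: the token submitted with the form must
 * match the one issued to this session, compared in constant time.
 */
function assertCsrfToken(array $session, array $post): void
{
    $expected = (string) ($session['csrf_token'] ?? '');
    $given    = (string) ($post['csrf_token'] ?? '');
    if ($expected === '' || !hash_equals($expected, $given)) {
        http_response_code(403);
        throw new RuntimeException('missing or invalid CSRF token');
    }
}

// Sketch of the endpoint order of operations (paths are placeholders):
// assertCsrfToken($_SESSION, $_POST);
// $rejected = copyImagesFiltered('/tmp/restore-extract/Images', '/var/www/app/Images');
// foreach ($rejected as $r) { error_log("restore: skipped non-image entry $r"); }
```

The important property is that the allowlist is applied per file inside the recursive walk, so a nested directory in the archive gets the same treatment as the top level. Logging the rejected entries gives the monitoring signal the mitigation section asks for: a restore that tried to bring in `.php` files is worth an alert even though nothing was written.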
Potential Impact
Successful exploitation allows an authenticated administrator to achieve remote code execution on the web server, compromising confidentiality, integrity, and availability of the affected system. The lack of CSRF protection increases the attack surface by enabling attackers to trigger the restore functionality without direct interaction from the administrator. This can lead to full system compromise under the privileges of the web server user.
Mitigation Recommendations
Upgrade ChurchCRM to version 7.2.0 or later, where this vulnerability is fixed. Until the upgrade is applied, restrict administrator access to trusted users only and avoid using the backup restore functionality with untrusted archives. Monitor for suspicious activity related to backup restores. Patch status is confirmed fixed in version 7.2.0.
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-04-13T19:50:42.114Z
- CVSS Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 69e2c47fbdfbbecc59a12f99
Added to database: 4/17/2026, 11:38:39 PM
Last enriched: 4/17/2026, 11:53:02 PM
Last updated: 4/18/2026, 6:32:37 AM