ChurchCRM Server-Side Request Forgery Vulnerability in Referer Handler Component

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in ChurchCRM version 5.16.0. The issue arises in the Referer Handler component, which does not properly validate referrer URLs. Because of this missing validation, the server can be made to send HEAD requests to external hosts, which may lead to denial-of-service conditions. The vulnerability can be exploited remotely, but exploitation is considered to be of high complexity.

Impact

Exploitation of this vulnerability results in server-side request forgery: an attacker can cause the server to send requests to internal or external resources. This could be used to reach sensitive information or services that are not normally exposed.

Reproduction

To reproduce this vulnerability, log into a ChurchCRM instance running version 5.16.0. Then, send a GET request to the Dashboard while including an external referrer. The server will respond by sending a HEAD request to the specified referrer, demonstrating the SSRF vulnerability.
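The root cause described above is a Referer header that is trusted without validation. The following is an added example, not ChurchCRM's own code, of a same-origin check a referer handler could apply before issuing any outbound HEAD request; the installation URL, function names and sample headers are hypothetical.

```php
<?php
// Added example (not ChurchCRM code): only trust a Referer that points back at
// this installation, so the server never issues a HEAD request to an external host.
// $appBaseUrl stands in for the configured site URL (hypothetical setting).
function refererIsSameOrigin(string $referer, string $appBaseUrl): bool
{
    $ref = parse_url($referer);
    $app = parse_url($appBaseUrl);
    if ($ref === false || $app === false) {
        return false;
    }
    // Require an absolute URL with a host and no embedded credentials.
    if (!isset($ref['scheme'], $ref['host']) || isset($ref['user']) || isset($ref['pass'])) {
        return false;
    }
    $scheme = strtolower($ref['scheme']);
    if (!in_array($scheme, ['http', 'https'], true)) {
        return false;
    }
    if ($scheme !== strtolower($app['scheme'] ?? '')) {
        return false;
    }
    // Exact host match: defeats "church.example.org.evil.example" style suffixes.
    if (strtolower($ref['host']) !== strtolower($app['host'] ?? '')) {
        return false;
    }
    // Compare ports, filling in the scheme default when either side omits it.
    $default = $scheme === 'https' ? 443 : 80;
    return ($ref['port'] ?? $default) === ($app['port'] ?? $default);
}

// Gate the outbound HEAD request on the check above. Returns the URL that would be
// contacted, or null when the referrer is rejected (so no request is ever sent).
function headRequestTarget(array $serverVars, string $appBaseUrl): ?string
{
    $referer = $serverVars['HTTP_REFERER'] ?? '';
    return refererIsSameOrigin($referer, $appBaseUrl) ? $referer : null;
}

// Constructed sample requests against a hypothetical installation URL.
$appBaseUrl = 'https://church.example.org';
$samples = [
    ['HTTP_REFERER' => 'https://church.example.org/dashboard'],      // same origin: allowed
    ['HTTP_REFERER' => 'https://attacker.example.net/'],              // external host: blocked
    ['HTTP_REFERER' => 'https://church.example.org.evil.example/'],   // suffix trick: blocked
    ['HTTP_REFERER' => 'http://church.example.org/'],                 // scheme mismatch: blocked
    ['HTTP_REFERER' => 'https://user@church.example.org/'],           // credentials: blocked
    [],                                                              // header absent: blocked
];
foreach ($samples as $vars) {
    $target = headRequestTarget($vars, $appBaseUrl);
    printf("%-45s => %s\n", $vars['HTTP_REFERER'] ?? '(none)', $target ?? 'blocked');
}
```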

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

  spread          1.9
  impact          0.6
  exploitability  9.5
  remediation     0.0
  relevance       0.0
  threat          6.4
  urgency         2.9
  incentive      10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.