ChurchCRM Open Redirect Vulnerability in DonatedItemEditor.php Prior to 7.0.0

Vulnerability

An open redirect vulnerability has been identified in ChurchCRM, an open-source church management system, in versions prior to 7.0.0. The issue arises in multiple locations within the application where the 'linkBack' URL parameter is used, including the Donated Item Editor page (DonatedItemEditor.php). The application does not validate that this parameter points to a location within the application, so an attacker can place an arbitrary absolute URL in it. When an authenticated user clicks the 'Cancel' button on the affected page, the application issues a redirect to the attacker-controlled URL without any check on its scheme, host or path.

Impact

Exploitation of this vulnerability requires an attacker to get a user to open a crafted ChurchCRM link. Because the link starts on the trusted ChurchCRM host and the redirect happens only after the user clicks 'Cancel', the victim is sent to an external URL of the attacker's choice while believing they are still inside the application. This makes the issue useful for phishing (for example, a spoofed ChurchCRM login page that harvests credentials) or for delivering other malicious content.

Reproduction

To reproduce this vulnerability, an authenticated user first creates a fundraiser and then opens the 'Donated Item Editor' page for it. While on this page, the 'linkBack' query parameter in the page URL is changed to an external URL under the tester's control. Clicking the 'Cancel' button then redirects the browser to that URL, demonstrating the open redirect.

Remediation

Users are advised to update to ChurchCRM version 7.0.0 or later, where this vulnerability has been fixed.
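The following illustration, added here and not taken from ChurchCRM or its 7.0.0 fix, shows the redirect pattern described above beside one way to harden it. The page names in the allow-list, the default return page and the function names are assumptions; the sample 'linkBack' values are constructed to cover the absolute URL from the reproduction steps plus the common bypass shapes (protocol-relative, backslash and header-injection payloads) that a same-origin check must also reject.

```php
<?php
// Added example: open redirect via an unvalidated 'linkBack' parameter and a
// hardened replacement. NOT ChurchCRM's code; page names and defaults are assumed.
declare(strict_types=1);

// Vulnerable pattern as described in the advisory: the parameter value is
// handed straight to the Location header, so any absolute URL is accepted.
function cancelTargetUnsafe(array $query): string
{
    return $query['linkBack'] ?? 'FundRaiserEditor.php'; // assumed default page
}

// Hardened version: only a relative path to a known in-app page may be used
// as the 'Cancel' return target; anything else falls back to the default.
function cancelTargetSafe(array $query, string $default = 'FundRaiserEditor.php'): string
{
    $candidate = $query['linkBack'] ?? '';
    if (!is_string($candidate) || $candidate === '') {
        return $default;
    }

    // Control characters (CR, LF, NUL ...) never belong in a redirect target;
    // they are the raw material for header injection.
    if (preg_match('/[\x00-\x1f\x7f]/', $candidate)) {
        return $default;
    }

    // Reject anything carrying a scheme or an authority: "https://evil.example",
    // "//evil.example", "javascript:..." and "user@host" forms all fail here.
    $parts = parse_url($candidate);
    if ($parts === false
        || isset($parts['scheme']) || isset($parts['host']) || isset($parts['port'])
        || isset($parts['user']) || isset($parts['pass'])) {
        return $default;
    }

    // A leading slash or backslash still escapes the application directory
    // (browsers normalise "\" to "/", so "/\evil.example" becomes "//evil.example").
    $path = $parts['path'] ?? '';
    if ($path === '' || $path[0] === '/' || $path[0] === '\\' || str_contains($path, '\\')) {
        return $default;
    }

    // Allow-list the pages that are legitimate return targets (assumed names).
    $allowedPages = ['FundRaiserEditor.php', 'DonatedItemEditor.php', 'Menu.php'];
    if (!in_array($path, $allowedPages, true)) {
        return $default;
    }

    return $candidate; // relative, same-origin, known page: safe to redirect to
}

// Constructed sample inputs: one legitimate value and several attacker shapes.
$samples = [
    'FundRaiserEditor.php?FundRaiserID=1',       // legitimate in-app return
    'https://attacker.example/churchcrm/login',  // absolute URL from the PoC
    '//attacker.example/login',                  // protocol-relative URL
    '/\attacker.example',                        // backslash trick
    'javascript:alert(document.domain)',         // non-HTTP scheme
    "Menu.php\r\nSet-Cookie: session=x",         // header injection attempt
    'Unknown.php',                               // in-app shape, not allow-listed
];

foreach ($samples as $value) {
    $query = ['linkBack' => $value];
    printf("%-45s unsafe -> %s\n", json_encode($value), cancelTargetUnsafe($query));
    printf("%-45s safe   -> %s\n", '', cancelTargetSafe($query));
}
```

Run with `php example.php`: the unsafe function echoes every sample back unchanged, while the safe one returns the default page for all but the first, allow-listed value. The allow-list is what does the real work; checks based only on parse_url or string prefixes are fragile because browsers normalise URLs (backslashes, repeated slashes, percent-encoding) differently from the server-side parser.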

Added: Apr 7, 2026, 7:37 PM
Updated: Apr 7, 2026, 7:37 PM

Vulnerability Rating

Custom Algorithm

spread:         1.9
impact:         0.2
exploitability: 7.1
remediation:    7.7
relevance:      5.4
threat:         6.4
urgency:        2.9
incentive:      0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.