Executive Summary

CVE-2026-35578 is a low-severity open redirect vulnerability in the ChurchCRM application affecting versions prior to 7.0.0. The issue occurs because the application does not properly validate the 'linkBack' URL parameter in various parts of the system, such as DonatedItemEditor.php. An attacker can craft a URL containing this parameter with an arbitrary external URL. When an authenticated user visits this URL and clicks the 'Cancel' button, they are redirected to the attacker-controlled site without any safety checks.

This vulnerability requires the victim to be authenticated and at least one fundraiser to exist in the system. It falls under CWE-601, which is URL Redirection to Untrusted Site.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can be exploited by attackers to redirect authenticated users of ChurchCRM to arbitrary external websites controlled by the attacker. This can facilitate phishing attacks or other malicious activities by tricking users into visiting malicious sites.

Because the redirect happens after clicking the 'Cancel' button, users might be unaware that they are being sent to a potentially harmful site, increasing the risk of credential theft, malware infection, or other social engineering attacks.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by identifying URLs in the ChurchCRM application that include the 'linkBack' parameter, especially in pages like DonatedItemEditor.php. An example detection method is to look for URLs where the 'linkBack' parameter points to an external site.

A practical approach is to monitor web server logs or use web application scanning tools to find requests containing the 'linkBack' parameter with external URLs.

For manual detection, you can use commands like the following to search web server logs for suspicious 'linkBack' parameters:

• grep -i 'linkBack=http' /path/to/webserver/access.log
• grep -Eo 'linkBack=[^&]+' /path/to/webserver/access.log | grep -v 'yourdomain.com'

Additionally, testing the application by navigating to pages such as DonatedItemEditor.php and manually modifying the URL to include an external URL in the 'linkBack' parameter can confirm if clicking 'Cancel' redirects to the external site.

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to upgrade the ChurchCRM application to version 7.0.0 or later, where this vulnerability has been fixed.

If upgrading immediately is not possible, restrict access to the affected pages to trusted users only and educate authenticated users to be cautious about clicking 'Cancel' buttons on suspicious links.

Additionally, review and sanitize the 'linkBack' parameter in the application code to ensure it only allows internal URLs or trusted domains.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability in ChurchCRM allows attackers to redirect authenticated users to arbitrary external URLs via an unvalidated 'linkBack' parameter. This open redirect flaw can facilitate phishing or other malicious activities by misleading users.

While the CVE description and resources do not explicitly mention compliance with standards like GDPR or HIPAA, such open redirect vulnerabilities can indirectly impact compliance by increasing the risk of unauthorized data exposure or user deception. For example, phishing attacks enabled by this vulnerability could lead to unauthorized access to personal or sensitive data, which would be a concern under regulations requiring data protection and user privacy.

Therefore, organizations using affected versions of ChurchCRM should consider this vulnerability as a risk factor in their compliance posture and apply the patch to mitigate potential regulatory impacts.

Useful 0 Not Useful 0