CVE-2025-1133 in ChurchCRMinformazioni

Riassunto

di MITRE • 19/02/2025

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based blind SQL Injection vulnerability in the EditEventAttendees functionality. The EID parameter is directly concatenated into an SQL query without proper sanitization, making it susceptible to SQL injection attacks. An attacker can manipulate the query, potentially leading to data exfiltration, modification, or deletion.  Please note that this vulnerability requires Administrator privileges.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Responsabile

Gridware

Prenotare

08/02/2025

Divulgazione

19/02/2025

Moderazione

accettato

CPE

pronto

EPSS

0.00583

KEV

no

Attività

molto basso

Fonti

Do you want to use VulDB in your project?

Use the official API to access entries easily!