CVE-2025-1133 - ChurchCRM SQL Injection Vulnerability

CVE ID : CVE-2025-1133 Published : Feb. 19, 2025, 9:15 a.m. | 2 hours, 14 minutes ago Description : A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based blind SQL Injection vulnerability in the EditEventAttendees functionality. The EID parameter is directly concatenated into an SQL query without proper sanitization, making it susceptible to SQL injection attacks. An attacker can manipulate the query, potentially leading to data exfiltration, modification, or deletion. Please note that this vulnerability requires Administrator privileges. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Autor

Feb 19, 2025 - 12:30

0 0

CVE-2025-1133 - ChurchCRM SQL Injection Vulnerability

CVE ID : CVE-2025-1133
Published : Feb. 19, 2025, 9:15 a.m. | 2 hours, 14 minutes ago
Description : A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based blind SQL Injection vulnerability in the EditEventAttendees functionality. The EID parameter is directly concatenated into an SQL query without proper sanitization, making it susceptible to SQL injection attacks. An attacker can manipulate the query, potentially leading to data exfiltration, modification, or deletion. Please note that this vulnerability requires Administrator privileges.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE-2025-1133 - ChurchCRM SQL Injection Vulnerability

Tags:

Verwandte Beiträge

Follow Us

Popular Posts

Recommended Posts

Popular Tags