A vulnerability, which was classified as critical, was found in ChurchCRM 5.5.0. This affects an unknown part of the file FRBidSheets.php of the component GET Parameter Handler. The manipulation of the argument CurrentFundraiser leads to sql injection.

This vulnerability is uniquely identified as CVE-2024-25891. The attack needs to be initiated within the local network. There is no exploit available.