A vulnerability classified as critical was found in ChurchCRM up to 5.13.0. This vulnerability affects the function EditEventAttendees. The manipulation of the argument EID leads to sql injection.

This vulnerability was named CVE-2025-1133. The attack can be initiated remotely. There is no exploit available.