CVE-2025-1133 | ChurchCRM up to 5.13.0 EditEventAttendees EID sql injection

Inserito da Angelo Barbosa | Feb 19, 2025 | CVE

A vulnerability classified as critical was found in ChurchCRM up to 5.13.0. This vulnerability affects the function EditEventAttendees. The manipulation of the argument EID leads to sql injection.

This vulnerability was named CVE-2025-1133. The attack can be initiated remotely. There is no exploit available.

CVE-2025-1133 | ChurchCRM up to 5.13.0 EditEventAttendees EID sql injection

Post correlati

CVE-2025-24800 | polytope-labs hyperbridge up to 15.0.0 control flow (GHSA-wwx5-gpgr-vxr7)

CVE-2024-0342 | Inis up to 2.0.1 Sqlite.php sql sql injection

CVE-2024-6007 | Netentsec NS-ASG Application Security Gateway 6.3 deleteiscgwrouteconf.php messagecontent sql injection

CVE-2024-45845 | nix up to 2.24.5 path traversal