A vulnerability classified as critical was found in ChurchCRM up to 5.13.0. This vulnerability affects the function EditEventAttendees. The manipulation of the argument EID leads to SQL injection.
This vulnerability was named CVE-2025-1133. The attack can be initiated remotely. There is no exploit available.