SourceCodester One Church Management System is an application of SourceCodester, Inc. A SQL injection vulnerability exists in SourceCodester One Church Management System version 1.0, which stems from The search2 parameter of attachancy.php lacks validation for external input SQL statements, which can be exploited to execute illegal SQL commands to steal sensitive database data.