Lucene search
+L

4 matches found

NVD
NVD
added 2025/02/19 9:15 a.m.32 views

CVE-2025-1134

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the DonatedItemEditor functionality. The CurrentFundraiser parameter is directly concatenated into an SQL...

9.3CVSS0.00731EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/02/19 8:58 a.m.30 views

CVE-2025-1134 SQL Injection in ChurchCRM CurrentFundraiser Parameter via DonatedItemEditor.php

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the DonatedItemEditor functionality. The CurrentFundraiser parameter is directly concatenated into an SQL...

9.3CVSS0.00731EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/02/19 8:58 a.m.15 views

CVE-2025-1134 SQL Injection in ChurchCRM CurrentFundraiser Parameter via DonatedItemEditor.php

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the DonatedItemEditor functionality. The CurrentFundraiser parameter is directly concatenated into an SQL...

9.3CVSS7.5AI score0.00731EPSS
Exploits1References1
OSV
OSV
added 2025/02/19 8:58 a.m.7 views

CVE-2025-1134 SQL Injection in ChurchCRM CurrentFundraiser Parameter via DonatedItemEditor.php

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the DonatedItemEditor functionality. The CurrentFundraiser parameter is directly concatenated into an SQL...

9.3CVSS7.6AI score0.00731EPSS
Exploits1References3
Rows per page
Query Builder