Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:12 a.m.14 views

CVE-2025-1135

A vulnerability exists in ChurchCRM 5.13.0. and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the BatchWinnerEntry functionality. The CurrentFundraiser parameter is directly concatenated into an SQL...

9.3CVSS8.3AI score0.00683EPSS
Exploits1References1
Circl
Circl
added 2025/02/19 9:15 a.m.19 views

CVE-2025-1135

creationtimestamp| type| source ---|---|--- 2025-02-19 09:15:56+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lijguapvfl2y 2025-02-19 11:01:48+00:00| published-proof-of-concept| Telegram/rLhwLXcL8Mn4otgpYmghgpVIj1d3aqFIFfUfzqDCbnUja0 2025-02-19 12:01:19+00:00| seen|...

9.3CVSS8.9AI score0.00683EPSS
Exploits1References5
NVD
NVD
added 2025/02/19 9:15 a.m.33 views

CVE-2025-1135

A vulnerability exists in ChurchCRM 5.13.0. and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the BatchWinnerEntry functionality. The CurrentFundraiser parameter is directly concatenated into an SQL...

9.3CVSS0.00683EPSS
Exploits1References1
CVE
CVE
added 2025/02/19 9:1 a.m.62 views

CVE-2025-1135

CVE-2025-1135 (ChurchCRM) affects ChurchCRM 5.13.0 and earlier. The flaw is a boolean-based and time-based blind SQL injection in the BatchWinnerEntry feature where the CurrentFundraiser parameter is directly concatenated into an SQL query, enabling an attacker with administrator privileges to ma...

9.3CVSS7.5AI score0.00683EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/02/19 9:1 a.m.9 views

CVE-2025-1135 SQL Injection in ChurchCRM CurrentFundraiser Parameter via BatchWinnerEntry.php

A vulnerability exists in ChurchCRM 5.13.0. and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the BatchWinnerEntry functionality. The CurrentFundraiser parameter is directly concatenated into an SQL...

9.3CVSS8.1AI score0.00683EPSS
Exploits1References1
OSV
OSV
added 2025/02/19 9:1 a.m.8 views

CVE-2025-1135 SQL Injection in ChurchCRM CurrentFundraiser Parameter via BatchWinnerEntry.php

A vulnerability exists in ChurchCRM 5.13.0. and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the BatchWinnerEntry functionality. The CurrentFundraiser parameter is directly concatenated into an SQL...

9.3CVSS7.6AI score0.00683EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/02/19 9:1 a.m.33 views

CVE-2025-1135 SQL Injection in ChurchCRM CurrentFundraiser Parameter via BatchWinnerEntry.php

A vulnerability exists in ChurchCRM 5.13.0. and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the BatchWinnerEntry functionality. The CurrentFundraiser parameter is directly concatenated into an SQL...

9.3CVSS0.00683EPSS
Exploits1References1
Rows per page
Query Builder