7 matches found
CVE-2025-1135
A vulnerability exists in ChurchCRM 5.13.0. and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the BatchWinnerEntry functionality. The CurrentFundraiser parameter is directly concatenated into an SQL...
CVE-2025-1135
creationtimestamp| type| source ---|---|--- 2025-02-19 09:15:56+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lijguapvfl2y 2025-02-19 11:01:48+00:00| published-proof-of-concept| Telegram/rLhwLXcL8Mn4otgpYmghgpVIj1d3aqFIFfUfzqDCbnUja0 2025-02-19 12:01:19+00:00| seen|...
CVE-2025-1135
A vulnerability exists in ChurchCRM 5.13.0. and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the BatchWinnerEntry functionality. The CurrentFundraiser parameter is directly concatenated into an SQL...
CVE-2025-1135
CVE-2025-1135 (ChurchCRM) affects ChurchCRM 5.13.0 and earlier. The flaw is a boolean-based and time-based blind SQL injection in the BatchWinnerEntry feature where the CurrentFundraiser parameter is directly concatenated into an SQL query, enabling an attacker with administrator privileges to ma...
CVE-2025-1135 SQL Injection in ChurchCRM CurrentFundraiser Parameter via BatchWinnerEntry.php
A vulnerability exists in ChurchCRM 5.13.0. and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the BatchWinnerEntry functionality. The CurrentFundraiser parameter is directly concatenated into an SQL...
CVE-2025-1135 SQL Injection in ChurchCRM CurrentFundraiser Parameter via BatchWinnerEntry.php
A vulnerability exists in ChurchCRM 5.13.0. and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the BatchWinnerEntry functionality. The CurrentFundraiser parameter is directly concatenated into an SQL...
CVE-2025-1135 SQL Injection in ChurchCRM CurrentFundraiser Parameter via BatchWinnerEntry.php
A vulnerability exists in ChurchCRM 5.13.0. and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the BatchWinnerEntry functionality. The CurrentFundraiser parameter is directly concatenated into an SQL...