
4 matches found

Cvelist
added 2025/12/17 9:35 p.m., 16 views

CVE-2025-68111 ChurchCRM has SQL Injection in eGive Import Feature

ChurchCRM is an open-source church management system. In versions prior to 6.5.3, a SQL injection vulnerability exists in the eGive.php file within the "ReImport" functionality. An authenticated user with finance privileges can execute arbitrary SQL queries by manipulating the MissingEgiveFamID...

CVSS 7.2, EPSS 0.00045
Exploits: 1, References: 1
Vulnrichment
added 2025/12/17 9:35 p.m., 2 views

CVE-2025-68111 ChurchCRM has SQL Injection in eGive Import Feature

ChurchCRM is an open-source church management system. In versions prior to 6.5.3, a SQL injection vulnerability exists in the eGive.php file within the "ReImport" functionality. An authenticated user with finance privileges can execute arbitrary SQL queries by manipulating the MissingEgiveFamID...

CVSS 7.2, AI score 7.7, EPSS 0.00045
Exploits: 1, References: 1
CVE
added 2025/12/17 9:35 p.m., 7 views

CVE-2025-68111

ChurchCRM is affected by a SQL injection in the eGive.php file (ReImport) for versions prior to 6.5.3. An authenticated user with finance privileges can manipulate the MissingEgive_FamID_... POST parameter to execute arbitrary SQL, leading to unauthorized data access, modification, or deletion wi...

CVSS 7.2, AI score 7.7, EPSS 0.00045
Exploits: 1, References: 1, Affected Software: 1
OSV
added 2025/12/17 9:35 p.m., 2 views

CVE-2025-68111 ChurchCRM has SQL Injection in eGive Import Feature

ChurchCRM is an open-source church management system. In versions prior to 6.5.3, a SQL injection vulnerability exists in the eGive.php file within the "ReImport" functionality. An authenticated user with finance privileges can execute arbitrary SQL queries by manipulating the MissingEgiveFamID...

CVSS 7.2, AI score 8.1, EPSS 0.00045
Exploits: 1, References: 3