- Description
- A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based blind SQL Injection vulnerability in the EditEventAttendees functionality. The EID parameter is directly concatenated into an SQL query without proper sanitization, making it susceptible to SQL injection attacks. An attacker can manipulate the query, potentially leading to data exfiltration, modification, or deletion. Please note that this vulnerability requires Administrator privileges.
- Source
- b7efe717-a805-47cf-8e9a-921fca0ce0ce
- NVD status
- Received
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:H/U:Red
- Severity
- CRITICAL
- b7efe717-a805-47cf-8e9a-921fca0ce0ce
- CWE-89
- Hype score
- Not currently trending
🚨 Critical Security Vulnerability 🆔 CVE-2025-1132, CVE-2025-1133, CVE-2025-1134, CVE-2025-1135 💣 CVSS Score: 9.3, 9.3, 9.3, 9.3 📅 Published Date: 25/02/19 ⚠️ Details: A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries
@DarkWebInformer
19 Feb 2025
2112 Impressions
1 Retweet
25 Likes
2 Bookmarks
0 Replies
0 Quotes
CVE-2025-1133 A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based blind SQL Injection vulnerab… https://t.co/TziHUPeUS2
@CVEnew
19 Feb 2025
302 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-1133: CRITICAL] Critical SQL injection vulnerability in ChurchCRM 5.13.0 allows attackers to execute arbitrary queries through EditEventAttendees. Ensure immediate patching to prevent data breaches. #cyb...#cybersecurity,#vulnerability https://t.co/QrFhQROPpo https://t.
@CveFindCom
19 Feb 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes