Blind SQL Injection Vulnerability in ChurchCRM by ChurchCRM Development
CVE-2024-25892
Currently unrated
What is CVE-2024-25892?
ChurchCRM 5.5.0 is vulnerable to blind SQL injection through the familyId parameter in ConfirmReport.php. Attackers can exploit this to execute arbitrary SQL queries on the database, potentially compromising sensitive information. Users should evaluate their systems for this vulnerability to strengthen their security posture and mitigate the risks associated with malicious data manipulation.
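One way to start that evaluation is to review web server access logs for requests to ConfirmReport.php whose familyId value is not a plain number. The script below is an added example, not ChurchCRM code. It assumes combined-format access logs, that familyId arrives in the query string, and that legitimate values are plain integers; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not from a real system.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Feb/2024:10:01:02 +0000] "GET /ConfirmReport.php?familyId=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Feb/2024:10:03:40 +0000] "GET /ConfirmReport.php?familyId=12%20AND%201%3D1 HTTP/1.1" 200 5120 "-" "curl/8.4.0"
203.0.113.9 - - [10/Feb/2024:10:03:41 +0000] "GET /churchcrm/ConfirmReport.php?familyId=7%27 HTTP/1.1" 200 310 "-" "curl/8.4.0"
198.51.100.7 - - [10/Feb/2024:10:05:00 +0000] "GET /FamilyView.php?FamilyID=3%27 HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Feb/2024:10:06:00 +0000] "POST /ConfirmReport.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# client, [timestamp], "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*"')
# Assumption: a legitimate familyId is a plain decimal integer.
INTEGER_RE = re.compile(r"[0-9]+")


def suspicious_requests(log_text):
    """Return (client, timestamp, decoded familyId) for every request to
    ConfirmReport.php whose familyId query value is not a plain integer."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a parseable request line
        client, timestamp, _method, target = match.groups()
        url = urlsplit(target)
        # Match the script name regardless of install prefix or path case.
        if not url.path.lower().endswith("/confirmreport.php"):
            continue
        # parse_qs percent-decodes values, so encoded payloads are compared
        # in the form the application would receive them.
        for value in parse_qs(url.query).get("familyId", []):
            if not INTEGER_RE.fullmatch(value):
                findings.append((client, timestamp, value))
    return findings


if __name__ == "__main__":
    for client, timestamp, value in suspicious_requests(SAMPLE_LOG):
        print(f"{timestamp}  {client}  familyId={value!r}")
```

Access logs normally record only the request line, so a value sent in a POST body (the last sample line) is not visible to this check and needs request-body logging or a WAF rule instead.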