Blind SQL Injection Vulnerability in ChurchCRM by ChurchCRM Development
CVE-2024-25892

Currently unrated

Key Information:

Status
Vendor
CVE Published: 21 February 2024

What is CVE-2024-25892?

ChurchCRM 5.5.0 is vulnerable to blind SQL injection through the familyId parameter in ConfirmReport.php. An attacker can exploit this to execute arbitrary SQL queries against the database, potentially compromising sensitive information. Users should evaluate their systems for this vulnerability to mitigate the risk of malicious data manipulation.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved
