SQL Injection Vulnerability in SourceCodester Best Church Management Software
CVE-2025-1596

7.3HIGH

Key Information:

Vendor: SourceCodester
Status: Best Church Management Software
Vendor: CVE Published:; 23 February 2025

Summary

An SQL injection vulnerability exists in version 1.0 of the Best Church Management Software by SourceCodester, specifically within the /fpassword.php file. By manipulating the 'email' argument in requests, malicious actors can execute unauthorized SQL commands. This flaw can be exploited remotely, posing significant risks to the integrity of the database. The issue has been publicly disclosed, yet there has been no response from the vendor regarding its mitigation, leaving users potentially exposed.

References

https://github.com/xiahao90/CVEproject/blob/main/xiahao.w...

https://vuldb.com/?ctiid.296591

https://vuldb.com/?id.296591

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 23, 2025