SQL Injection Vulnerability in Church Donation System by Code-Projects
CVE-2025-7859

7.3HIGH

Key Information:

Vendor: Code-Projects
Status: Church Donation System
Vendor: CVE Published:; 20 July 2025

🔔 Create Code-Projects Vulnerability Alert

What is CVE-2025-7859?

A significant SQL injection vulnerability has been identified in the Church Donation System 1.0 utilized by Code-Projects. The issue resides in the /members/update_password_admin.php file, where the manipulation of the 'new_password' parameter can allow attackers to execute unauthorized SQL commands. This vulnerability is particularly concerning as it can be exploited remotely, enabling attackers to access and manipulate sensitive data without authentication. Given its public disclosure, immediate mitigation is advised to safeguard the integrity of affected systems.

References

https://code-projects.org/

https://github.com/n0name-yang/myCVE/issues/10

https://vuldb.com/?ctiid.316972

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 20, 2025