216.73.217.24

CVE-2025-68112

· Published 17/12/2025 22:16 · Modified 18/12/2025 18:28

Labels: CVE-2025-68112 2025-12-17CVE-2025-68112[email protected]

Essential information

Published
17/12/2025 22:16
Modified
18/12/2025 18:28
Author
Creator
CVSS
9.6 CRITICAL (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

CVSS metrics

Description

ChurchCRM is an open-source church management system. In versions prior to 6.5.3, a SQL injection vulnerability in ChurchCRM's Event Attendee Editor allows authenticated users to execute arbitrary SQL commands, leading to complete database compromise, administrative credential theft, and potential system takeover. The vulnerability enables attackers to extract sensitive member data, authentication credentials, and financial information from the church management system. Version 6.5.3 contains a patch for the issue.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
churchcrm / churchcrm cpe:2.3:a:churchcrm:churchcrm:*:*:*:*:*:*:*:*

References