CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Churchcrm: >> Churchcrm >> 5.19.0 Security Vulnerabilities

CVE-2025-66313

ChurchCRM is an open-source church management system. In ChurchCRM 6.2.0 and earlier, there is a time-based blind SQL injection in the handling of the 1FieldSec parameter. Injecting SLEEP() causes deterministic server-side delays, proving the value is incorporated into a SQL query without proper parameterization. The issue allows data exfiltration and modification via blind techniques.

CVSS Score

7.2

EPSS Score

0.0

Published

2025-12-01

Page 3

Vulnerabilities

Vulnerable Software

Churchcrm: >> Churchcrm >> 5.19.0 Security Vulnerabilities

Products

Pricing

Contact Us