CVE-2025-1199 — Injection in Best Church Management Software

CWE-74 — Injection CWE-89 — SQL Injection CWE-416 — Use After Free4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.1%

top 73.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Best Church Management Software Mayurik Best Church Management Software

Timeline

PublishedFeb 12

Description

A vulnerability was found in SourceCodester Best Church Management Software 1.1. It has been classified as critical. This affects an unknown part of the file /admin/app/role_crud.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5sourcecodester/best_church_management_software1.1

▶NVDmayurik/best_church_management_software1.1

🔴Vulnerability Details

CVEList

SourceCodester Best Church Management Software role_crud.php sql injection↗2025-02-12

▶

GHSA

GHSA-mw64-9qfm-r8wr: A vulnerability was found in SourceCodester Best Church Management Software 1↗2025-02-12

▶

📋Vendor Advisories

Microsoft

A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space resulting in a null-ptr-deref vulnerability and a use-after↗2022-08-09

▶