Churchcrm · Churchcrm · CVE-2024-39304
**Name of the Vulnerable Software and Affected Versions**
ChurchCRM versions prior to 5.9.2
**Description**
The issue is an authenticated SQL injection caused by improper sanitization of user input. Authentication is required, but no elevated privileges are necessary. Because the `EID` parameter of a GET request to "/GetText.php" is not adequately sanitized, an authenticated attacker can inject SQL statements directly into the database query.
**Recommendations**
For versions prior to 5.9.2, update to version 5.9.2 to resolve the issue. As a temporary workaround, consider restricting access to the "/GetText.php" endpoint or sanitizing the `EID` parameter to minimize the risk of exploitation.
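The following is an added example, not code from ChurchCRM or from this advisory. It illustrates the defect class described above (an untrusted GET parameter interpolated into a query) beside the hardened form the recommendation calls for: validate the `EID` value as an integer and bind it through a prepared statement. The table name, column names and query are hypothetical, and an in-memory SQLite database stands in for the real one so the script runs stand-alone with PHP's PDO extension.

```php
<?php
// Added example (not ChurchCRM code). Shows a vulnerable lookup that
// concatenates a request parameter into SQL, and a hardened lookup that
// validates the value and binds it as a parameter. The event_text table and
// its columns are hypothetical; SQLite in memory replaces the real database.

declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE event_text (eid INTEGER PRIMARY KEY, body TEXT)');
$pdo->exec("INSERT INTO event_text VALUES (1, 'public note'), (2, 'private note')");

// VULNERABLE pattern: the raw request value becomes part of the SQL text,
// so anything the client sends is parsed as SQL by the database.
function getTextVulnerable(PDO $pdo, string $eid): array
{
    $sql = 'SELECT body FROM event_text WHERE eid = ' . $eid;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// HARDENED pattern: reject anything that is not a positive integer, then
// bind the value as a typed parameter. The database receives the query
// shape and the value separately, so the value can never change the query.
function getTextHardened(PDO $pdo, string $eid): array
{
    $id = filter_var($eid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        // Reject rather than "clean" the value; the caller maps this to HTTP 400.
        throw new InvalidArgumentException('EID must be a positive integer');
    }
    $stmt = $pdo->prepare('SELECT body FROM event_text WHERE eid = :eid');
    $stmt->bindValue(':eid', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal id and a value carrying extra SQL, standing in
// for what $_GET['EID'] would hold.
$benign   = '1';
$tampered = '1 OR 1=1';

printf("vulnerable, benign:   %s\n", json_encode(getTextVulnerable($pdo, $benign)));
printf("vulnerable, tampered: %s\n", json_encode(getTextVulnerable($pdo, $tampered)));
printf("hardened, benign:     %s\n", json_encode(getTextHardened($pdo, $benign)));
try {
    getTextHardened($pdo, $tampered);
} catch (InvalidArgumentException $e) {
    printf("hardened, tampered:   rejected (%s)\n", $e->getMessage());
}
```

Run with `php example.php`. The vulnerable function returns every row for the tampered input because the extra clause was parsed as SQL; the hardened function returns only the requested row for the benign input and refuses the tampered one before any query is built. The validation step is what makes the temporary workaround in the recommendation effective: a single integer check on `EID` at the top of the handler removes the injection surface even before the prepared statement is introduced.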