CVE-2025-7832

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Church Donation System version 1.0

Description A critical vulnerability exists in Church Donation System 1.0. The vulnerability affects unknown code within the /members/offering.php file. Manipulation of the trcode argument results in a SQL injection. The attack can be initiated remotely. The exploit has been publicly disclosed.

Recommendations Church Donation System version 1.0: Address the SQL injection vulnerability by sanitizing or validating the trcode argument before using it in SQL queries. Church Donation System version 1.0: Review the code within the /members/offering.php file to identify and correct the root cause of the SQL injection vulnerability.

Exploit

Fix

Special Elements Injection

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-89

Related Identifiers

CVE-2025-7832

Affected Products

Church Donation System

CVE-2025-7832

Weakness Enumeration

Related Identifiers

Affected Products

References · 12