PT-2025-30296 · Code Projects · Church Donation System
N0Name · Published 2025-07-21 · Updated 2025-07-21 · CVE-2025-7929
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
code-projects Church Donation System version 1.0
Description
A critical issue exists in code-projects Church Donation System 1.0. The manipulation of the fname argument in the /members/edit Members.php file leads to SQL injection. This allows for remote exploitation. The exploit has been publicly disclosed. Other parameters may also be affected.
Recommendations
As a temporary workaround, consider restricting access to the /members/edit Members.php file to minimize the risk of exploitation.
Sanitize the fname parameter before using it in SQL queries.
Review and sanitize all other parameters used in SQL queries within the application.
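One way to apply the two recommendations above to fname, shown as an added example that is not code from the affected project: validate the input, then bind it through a prepared statement instead of building the query string. The table `members`, its columns `id` and `fname`, and the function name are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example. Table `members`, columns `id`/`fname` and the function name are
// hypothetical. The pattern being replaced is request data concatenated into SQL:
//   "UPDATE members SET fname = '" . $_POST['fname'] . "' WHERE id = " . $_POST['id']

function updateMemberFirstName(PDO $db, mixed $rawId, mixed $rawFname): bool
{
    // Validate type and shape first; reject bad input instead of trying to clean it.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || !is_string($rawFname)) {
        return false;
    }
    $fname = trim($rawFname);
    if ($fname === '' || strlen($fname) > 64) {
        return false;
    }

    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $db->prepare('UPDATE members SET fname = :fname WHERE id = :id');
    $stmt->bindValue(':fname', $fname, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1;
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, fname TEXT)');
$db->exec("INSERT INTO members (id, fname) VALUES (1, 'Alice'), (2, 'Bob')");

// A value containing SQL metacharacters is stored as plain data, in row 1 only.
var_dump(updateMemberFirstName($db, '1', "O'Brien' -- "));
// A non-integer id is rejected before any SQL runs.
var_dump(updateMemberFirstName($db, '1 OR 1=1', 'Mary'));

foreach ($db->query('SELECT id, fname FROM members ORDER BY id') as $row) {
    printf("%d: %s\n", $row['id'], $row['fname']);
}
```

When the backend is MySQL, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so the binding is done by the server rather than emulated in the client.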
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Special Elements Injection
SQL injection
Related Identifiers
Affected Products
Church Donation System