PT-2025-37424 · Itsourcecode · Baptism Information Management System
Chenguang Wang +1 · Published 2025-09-14 · Updated 2025-09-18 · CVE-2025-10404
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
itsourcecode Baptism Information Management System version 1.0
Description
A vulnerability exists in itsourcecode Baptism Information Management System version 1.0. The issue is due to SQL injection resulting from the manipulation of the ID argument in the /rptbaptismal.php file. The attack can be performed remotely. The exploit has been made public.
Recommendations
As a temporary workaround, consider restricting access to the /rptbaptismal.php file until a fix is available.
Sanitize the ID argument before using it in SQL queries.
Exploit
Fix
Special Elements Injection
SQL injection
Related Identifiers
Affected Products
Baptism Information Management System
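One way to apply the recommendation to sanitize the ID argument, as an added example that is not the project's code: the ID is validated as a positive integer and then passed to the query as a bound parameter. The function names, the table and column names and the in-memory SQLite database (PHP 8 with pdo_sqlite) are assumptions for illustration; the advisory does not show the application's code or schema.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the application's database. Table and column
// names are assumptions; the real schema is not shown in the advisory.
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE baptism (id INTEGER PRIMARY KEY, child_name TEXT)');
    $pdo->exec("INSERT INTO baptism (id, child_name) VALUES (1, 'Record A'), (2, 'Record B')");
    return $pdo;
}

// Accept only a positive integer; arrays and mixed strings yield null.
function parse_id(mixed $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// The ID travels as a bound parameter and is never part of the SQL text.
function fetch_record(PDO $pdo, mixed $rawId): ?array
{
    $id = parse_id($rawId);
    if ($id === null) {
        return null; // a real handler would answer with HTTP 400 here
    }
    $stmt = $pdo->prepare('SELECT id, child_name FROM baptism WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = demo_db();
// Constructed inputs: a valid ID, a non-numeric string, and an array.
foreach (['2', '1 OR 1=1', ['1']] as $input) {
    $row = fetch_record($pdo, $input);
    echo json_encode($input), ' => ', $row === null ? 'rejected or not found' : $row['child_name'], PHP_EOL;
}
```

Validation alone would already reject the malformed values; the bound parameter keeps the query safe even if the validation rule is later loosened.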