PT-2025-9718 · Sourcecodester · Sourcecodester Best Church Management

Yesec · Published 2025-03-04 · Updated 2025-04-29 · CVE-2025-1961

CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions
SourceCodester Best Church Management Software version 1.1

Description
A critical vulnerability has been found in the software, affecting an unknown functionality of the file /admin/app/web crud.php. The manipulation of the encryption argument leads to SQL injection. The attack can be launched remotely. Other parameters might be affected as well.

Recommendations
For version 1.1, consider disabling access to the /admin/app/web crud.php file until a patch is available. As a temporary workaround, restrict the manipulation of the encryption argument to minimize the risk of SQL injection exploitation. Avoid using the encryption argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Special Elements Injection

Weakness Enumeration

Related Identifiers

CVE-2025-1961

Affected Products

Sourcecodester Best Church Management