A vulnerability was found in code-projects Church Donation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /reg.php. The manipulation of the argument mobile leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CVE-2025-7830 is a critical SQL Injection vulnerability identified in version 1.0 of the code-projects Church Donation System, specifically within the /reg.php file. The vulnerability arises from improper sanitization of the 'mobile' parameter, which allows an attacker to inject malicious SQL code remotely without requiring authentication or user interaction. This flaw can lead to unauthorized access to the backend database, enabling attackers to read, modify, or delete sensitive data related to church donations and donor information. The vulnerability may also affect other parameters, increasing the attack surface. Although the CVSS 4.0 base score is 6.9 (medium severity), the potential impact on confidentiality, integrity, and availability of critical donation system data is significant. The exploit has been publicly disclosed, increasing the risk of exploitation, although no known active exploits have been reported in the wild yet. The vulnerability does not require privileges or user interaction, making it easier to exploit remotely over the network. The lack of available patches or mitigations from the vendor further exacerbates the risk for organizations using this software.

CVE Database V5

Detailed information about CVE-2025-7830: SQL Injection in code-projects Church Donation System affecting code-projects Church Donation System. Get real-time up

CVE-2025-7830: SQL Injection in code-projects Church Donation System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7830: SQL Injection in code-projects Church Donation System

A vulnerability was found in code-projects Church Donation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7829 is a critical SQL Injection vulnerability identified in version 1.0 of the code-projects Church Donation System, specifically within the /login.php file. The vulnerability arises from improper sanitization or validation of the 'Username' parameter, allowing an attacker to inject malicious SQL code remotely without requiring authentication or user interaction. This flaw enables an attacker to manipulate backend database queries, potentially leading to unauthorized data access, data modification, or even full compromise of the underlying database. The vulnerability has been publicly disclosed, increasing the risk of exploitation, although no known exploits have been reported in the wild yet. The CVSS 4.0 score is 6.9 (medium severity), reflecting the network attack vector, no required privileges or user interaction, but limited impact on confidentiality, integrity, and availability. The vulnerability affects only version 1.0 of the product, which is a specialized donation management system used primarily by churches or religious organizations to handle donations and related data.

Detailed information about CVE-2025-7829: SQL Injection in code-projects Church Donation System affecting code-projects Church Donation System. Get real-time up

CVE-2025-7829: SQL Injection in code-projects Church Donation System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7829: SQL Injection in code-projects Church Donation System

A vulnerability was found in Jinher OA 1.1. It has been rated as problematic. This issue affects some unknown processing of the file XmlHttp.aspx. The manipulation leads to xml external entity reference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7824 is a security vulnerability identified in Jinher OA version 1.1, specifically related to the processing of the XmlHttp.aspx file. The vulnerability is classified as an XML External Entity (XXE) reference issue. XXE vulnerabilities occur when an XML parser improperly processes external entity references within XML input, allowing an attacker to interfere with the processing of XML data. In this case, the vulnerability allows remote attackers to manipulate XML input to trigger external entity references. This can lead to several security risks, including disclosure of confidential files on the server, server-side request forgery (SSRF), denial of service (DoS) through resource exhaustion, and potentially remote code execution depending on the environment and further exploitation. The vulnerability requires no authentication or user interaction, making it remotely exploitable over the network. The CVSS 4.0 score is 6.9 (medium severity), reflecting the ease of exploitation (network accessible, no privileges or user interaction required) but limited impact on confidentiality, integrity, and availability (each rated low). No patches or mitigations are currently linked, and no known exploits are reported in the wild yet, though public disclosure of the exploit details increases the risk of exploitation attempts. The vulnerability affects only version 1.1 of Jinher OA, an office automation software product, which is used for managing organizational workflows and documents.

Detailed information about CVE-2025-7824: XML External Entity Reference in Jinher OA affecting Jinher OA. Get real-time updates, technical details, and mitigati

CVE-2025-7824: XML External Entity Reference in Jinher OA - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7824: XML External Entity Reference in Jinher OA

A vulnerability was found in Jinher OA 1.2. It has been declared as problematic. This vulnerability affects unknown code of the file ProjectScheduleDelete.aspx. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7823 is a security vulnerability identified in Jinher OA version 1.2, specifically within the ProjectScheduleDelete.aspx component. The vulnerability is classified as an XML External Entity (XXE) reference issue. XXE vulnerabilities occur when an application processes XML input containing references to external entities, which can be exploited by attackers to read arbitrary files, perform server-side request forgery (SSRF), or cause denial of service (DoS) conditions. In this case, the vulnerability allows remote attackers to manipulate XML input to trigger external entity references without requiring any authentication or user interaction. The CVSS 4.0 score is 6.9, indicating a medium severity level, with attack vector being network-based (AV:N), low attack complexity (AC:L), no privileges or user interaction required (PR:N, UI:N), and partial impacts on confidentiality, integrity, and availability (VC:L, VI:L, VA:L). The vulnerability affects unknown code within the specified file, suggesting that the XML parser or processing logic does not properly validate or sanitize XML input, leading to the XXE condition. Although no public exploits are currently known to be in the wild, the disclosure of the vulnerability and its exploitability over the network make it a credible threat. The lack of available patches or mitigations from the vendor at this time increases the risk for organizations using Jinher OA 1.2. Overall, this vulnerability could allow attackers to access sensitive internal files, perform unauthorized network requests, or disrupt service availability remotely, making it a significant concern for affected deployments.

Detailed information about CVE-2025-7823: XML External Entity Reference in Jinher OA affecting Jinher OA. Get real-time updates, technical details, and mitigati

CVE-2025-7823: XML External Entity Reference in Jinher OA - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7823: XML External Entity Reference in Jinher OA

A vulnerability classified as critical has been found in code-projects Church Donation System 1.0. This affects an unknown part of the file /members/Tithes.php. The manipulation of the argument trcode leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Detailed information about CVE-2025-7831: SQL Injection in code-projects Church Donation System affecting code-projects Church Donation System. Get real-time up

CVE-2025-7831: SQL Injection in code-projects Church Donation System

CVE-2025-7831: SQL Injection in code-projects Church Donation System

Description

Technical Details

Related Threats

CVE-2025-7830: SQL Injection in code-projects Church Donation System

CVE-2025-7829: SQL Injection in code-projects Church Donation System

CVE-2025-7824: XML External Entity Reference in Jinher OA

CVE-2025-7823: XML External Entity Reference in Jinher OA

CVE-2025-7819: Cross Site Scripting in PHPGurukul Apartment Visitors Management System

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility