A vulnerability classified as critical has been found in code-projects Church Donation System 1.0. This affects an unknown part of the file /members/Tithes.php. The manipulation of the argument trcode leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7831 is a critical SQL Injection vulnerability identified in version 1.0 of the code-projects Church Donation System, specifically within the /members/Tithes.php file. The vulnerability arises from improper sanitization or validation of the 'trcode' parameter, which is directly used in SQL queries. This flaw allows an unauthenticated remote attacker to inject malicious SQL code, potentially manipulating the backend database. The attack vector requires no authentication or user interaction, making exploitation straightforward. The vulnerability can lead to unauthorized data disclosure, data modification, or even complete compromise of the database, depending on the privileges of the database user. Although the CVSS 4.0 score is 6.9 (medium severity), the nature of SQL Injection vulnerabilities generally poses significant risks, especially when exploited remotely without any barriers. No official patches or fixes have been published yet, and while no known exploits are currently active in the wild, the public disclosure of the vulnerability increases the risk of exploitation. The vulnerability impacts the confidentiality, integrity, and availability of the affected system's data, with potential cascading effects on organizational operations and trust.

CVE Database V5

Detailed information about CVE-2025-7831: SQL Injection in code-projects Church Donation System affecting code-projects Church Donation System. Get real-time up

CVE-2025-7831: SQL Injection in code-projects Church Donation System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7831: SQL Injection in code-projects Church Donation System

A vulnerability was found in code-projects Church Donation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /reg.php. The manipulation of the argument mobile leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CVE-2025-7830 is a critical SQL Injection vulnerability identified in version 1.0 of the code-projects Church Donation System, specifically within the /reg.php file. The vulnerability arises from improper sanitization of the 'mobile' parameter, which allows an attacker to inject malicious SQL code remotely without requiring authentication or user interaction. This flaw can lead to unauthorized access to the backend database, enabling attackers to read, modify, or delete sensitive data related to church donations and donor information. The vulnerability may also affect other parameters, increasing the attack surface. Although the CVSS 4.0 base score is 6.9 (medium severity), the potential impact on confidentiality, integrity, and availability of critical donation system data is significant. The exploit has been publicly disclosed, increasing the risk of exploitation, although no known active exploits have been reported in the wild yet. The vulnerability does not require privileges or user interaction, making it easier to exploit remotely over the network. The lack of available patches or mitigations from the vendor further exacerbates the risk for organizations using this software.

Detailed information about CVE-2025-7830: SQL Injection in code-projects Church Donation System affecting code-projects Church Donation System. Get real-time up

CVE-2025-7830: SQL Injection in code-projects Church Donation System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7830: SQL Injection in code-projects Church Donation System

A vulnerability was found in code-projects Church Donation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7829 is a critical SQL Injection vulnerability identified in version 1.0 of the code-projects Church Donation System, specifically within the /login.php file. The vulnerability arises from improper sanitization or validation of the 'Username' parameter, allowing an attacker to inject malicious SQL code remotely without requiring authentication or user interaction. This flaw enables an attacker to manipulate backend database queries, potentially leading to unauthorized data access, data modification, or even full compromise of the underlying database. The vulnerability has been publicly disclosed, increasing the risk of exploitation, although no known exploits have been reported in the wild yet. The CVSS 4.0 score is 6.9 (medium severity), reflecting the network attack vector, no required privileges or user interaction, but limited impact on confidentiality, integrity, and availability. The vulnerability affects only version 1.0 of the product, which is a specialized donation management system used primarily by churches or religious organizations to handle donations and related data.

Detailed information about CVE-2025-7829: SQL Injection in code-projects Church Donation System affecting code-projects Church Donation System. Get real-time up

CVE-2025-7829: SQL Injection in code-projects Church Donation System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7829: SQL Injection in code-projects Church Donation System

A vulnerability was found in Jinher OA 1.1. It has been rated as problematic. This issue affects some unknown processing of the file XmlHttp.aspx. The manipulation leads to xml external entity reference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7824 is a security vulnerability identified in Jinher OA version 1.1, specifically related to the processing of the XmlHttp.aspx file. The vulnerability is classified as an XML External Entity (XXE) reference issue. XXE vulnerabilities occur when an XML parser improperly processes external entity references within XML input, allowing an attacker to interfere with the processing of XML data. In this case, the vulnerability allows remote attackers to manipulate XML input to trigger external entity references. This can lead to several security risks, including disclosure of confidential files on the server, server-side request forgery (SSRF), denial of service (DoS) through resource exhaustion, and potentially remote code execution depending on the environment and further exploitation. The vulnerability requires no authentication or user interaction, making it remotely exploitable over the network. The CVSS 4.0 score is 6.9 (medium severity), reflecting the ease of exploitation (network accessible, no privileges or user interaction required) but limited impact on confidentiality, integrity, and availability (each rated low). No patches or mitigations are currently linked, and no known exploits are reported in the wild yet, though public disclosure of the exploit details increases the risk of exploitation attempts. The vulnerability affects only version 1.1 of Jinher OA, an office automation software product, which is used for managing organizational workflows and documents.

Detailed information about CVE-2025-7824: XML External Entity Reference in Jinher OA affecting Jinher OA. Get real-time updates, technical details, and mitigati

CVE-2025-7824: XML External Entity Reference in Jinher OA - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7824: XML External Entity Reference in Jinher OA

A vulnerability classified as critical was found in code-projects Church Donation System 1.0. This vulnerability affects unknown code of the file /members/offering.php. The manipulation of the argument trcode leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Detailed information about CVE-2025-7832: SQL Injection in code-projects Church Donation System affecting code-projects Church Donation System. Get real-time up

CVE-2025-7832: SQL Injection in code-projects Church Donation System

CVE-2025-7832: SQL Injection in code-projects Church Donation System

Description

Technical Details

Related Threats

CVE-2025-7831: SQL Injection in code-projects Church Donation System

CVE-2025-7830: SQL Injection in code-projects Church Donation System

CVE-2025-7829: SQL Injection in code-projects Church Donation System

CVE-2025-7824: XML External Entity Reference in Jinher OA

CVE-2025-7823: XML External Entity Reference in Jinher OA

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility