A vulnerability classified as critical was found in code-projects Church Donation System 1.0. This vulnerability affects unknown code of the file /members/offering.php. The manipulation of the argument trcode leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7832 is a critical SQL Injection vulnerability identified in version 1.0 of the code-projects Church Donation System, specifically within the /members/offering.php file. The vulnerability arises due to improper sanitization or validation of the 'trcode' parameter, which is directly used in SQL queries. An attacker can remotely manipulate this parameter to inject malicious SQL code, potentially allowing unauthorized access to the underlying database. This can lead to unauthorized data disclosure, data modification, or even complete compromise of the database server. The vulnerability does not require authentication or user interaction, making it easier to exploit remotely. Although the CVSS v4.0 score is 6.9 (medium severity), the potential impact on confidentiality, integrity, and availability of the system is significant due to the nature of SQL injection attacks. The vulnerability affects only version 1.0 of the product, and no official patches or mitigations have been published yet. There are no known exploits in the wild at the time of publication, but the exploit details have been publicly disclosed, increasing the risk of exploitation by threat actors. The Church Donation System is likely used by religious organizations to manage donations, meaning that sensitive donor information and financial data could be at risk if exploited.

CVE Database V5

Detailed information about CVE-2025-7832: SQL Injection in code-projects Church Donation System affecting code-projects Church Donation System. Get real-time up

CVE-2025-7832: SQL Injection in code-projects Church Donation System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7832: SQL Injection in code-projects Church Donation System

A vulnerability classified as critical has been found in code-projects Church Donation System 1.0. This affects an unknown part of the file /members/Tithes.php. The manipulation of the argument trcode leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7831 is a critical SQL Injection vulnerability identified in version 1.0 of the code-projects Church Donation System, specifically within the /members/Tithes.php file. The vulnerability arises from improper sanitization or validation of the 'trcode' parameter, which is directly used in SQL queries. This flaw allows an unauthenticated remote attacker to inject malicious SQL code, potentially manipulating the backend database. The attack vector requires no authentication or user interaction, making exploitation straightforward. The vulnerability can lead to unauthorized data disclosure, data modification, or even complete compromise of the database, depending on the privileges of the database user. Although the CVSS 4.0 score is 6.9 (medium severity), the nature of SQL Injection vulnerabilities generally poses significant risks, especially when exploited remotely without any barriers. No official patches or fixes have been published yet, and while no known exploits are currently active in the wild, the public disclosure of the vulnerability increases the risk of exploitation. The vulnerability impacts the confidentiality, integrity, and availability of the affected system's data, with potential cascading effects on organizational operations and trust.

Detailed information about CVE-2025-7831: SQL Injection in code-projects Church Donation System affecting code-projects Church Donation System. Get real-time up

CVE-2025-7831: SQL Injection in code-projects Church Donation System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7831: SQL Injection in code-projects Church Donation System

A vulnerability was found in code-projects Church Donation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /reg.php. The manipulation of the argument mobile leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CVE-2025-7830 is a critical SQL Injection vulnerability identified in version 1.0 of the code-projects Church Donation System, specifically within the /reg.php file. The vulnerability arises from improper sanitization of the 'mobile' parameter, which allows an attacker to inject malicious SQL code remotely without requiring authentication or user interaction. This flaw can lead to unauthorized access to the backend database, enabling attackers to read, modify, or delete sensitive data related to church donations and donor information. The vulnerability may also affect other parameters, increasing the attack surface. Although the CVSS 4.0 base score is 6.9 (medium severity), the potential impact on confidentiality, integrity, and availability of critical donation system data is significant. The exploit has been publicly disclosed, increasing the risk of exploitation, although no known active exploits have been reported in the wild yet. The vulnerability does not require privileges or user interaction, making it easier to exploit remotely over the network. The lack of available patches or mitigations from the vendor further exacerbates the risk for organizations using this software.

Detailed information about CVE-2025-7830: SQL Injection in code-projects Church Donation System affecting code-projects Church Donation System. Get real-time up

CVE-2025-7830: SQL Injection in code-projects Church Donation System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7830: SQL Injection in code-projects Church Donation System

A vulnerability was found in code-projects Church Donation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7829 is a critical SQL Injection vulnerability identified in version 1.0 of the code-projects Church Donation System, specifically within the /login.php file. The vulnerability arises from improper sanitization or validation of the 'Username' parameter, allowing an attacker to inject malicious SQL code remotely without requiring authentication or user interaction. This flaw enables an attacker to manipulate backend database queries, potentially leading to unauthorized data access, data modification, or even full compromise of the underlying database. The vulnerability has been publicly disclosed, increasing the risk of exploitation, although no known exploits have been reported in the wild yet. The CVSS 4.0 score is 6.9 (medium severity), reflecting the network attack vector, no required privileges or user interaction, but limited impact on confidentiality, integrity, and availability. The vulnerability affects only version 1.0 of the product, which is a specialized donation management system used primarily by churches or religious organizations to handle donations and related data.

Detailed information about CVE-2025-7829: SQL Injection in code-projects Church Donation System affecting code-projects Church Donation System. Get real-time up

CVE-2025-7829: SQL Injection in code-projects Church Donation System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7829: SQL Injection in code-projects Church Donation System

A vulnerability, which was classified as critical, has been found in code-projects Church Donation System 1.0. This issue affects some unknown processing of the file /members/giving.php. The manipulation of the argument Amount leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Detailed information about CVE-2025-7833: SQL Injection in code-projects Church Donation System affecting code-projects Church Donation System. Get real-time up

CVE-2025-7833: SQL Injection in code-projects Church Donation System

CVE-2025-7833: SQL Injection in code-projects Church Donation System

Description

Technical Details

Related Threats

CVE-2025-7832: SQL Injection in code-projects Church Donation System

CVE-2025-7831: SQL Injection in code-projects Church Donation System

CVE-2025-7830: SQL Injection in code-projects Church Donation System

CVE-2025-7829: SQL Injection in code-projects Church Donation System

CVE-2025-7824: XML External Entity Reference in Jinher OA

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility