A vulnerability, which was classified as critical, has been found in code-projects Church Donation System 1.0. This issue affects some unknown processing of the file /members/giving.php. The manipulation of the argument Amount leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7833 is a critical SQL Injection vulnerability identified in version 1.0 of the code-projects Church Donation System, specifically within the /members/giving.php file. The vulnerability arises from improper handling of the 'Amount' parameter, which can be manipulated by an attacker to inject malicious SQL commands. This flaw allows an unauthenticated remote attacker to execute arbitrary SQL queries against the backend database without requiring any user interaction or privileges. The injection can lead to unauthorized data access, modification, or deletion, potentially compromising the confidentiality, integrity, and availability of the donation system's data. Although the CVSS 4.0 base score is 6.9 (medium severity), the vulnerability's characteristics—network exploitable, no authentication or user interaction required, and direct impact on data—indicate a significant risk. No patches or fixes have been published yet, and no known exploits are reported in the wild, but public disclosure increases the risk of exploitation attempts. The vulnerability affects only version 1.0 of the product, which is a niche donation management system used primarily by religious organizations to process donations online.

CVE Database V5

Detailed information about CVE-2025-7833: SQL Injection in code-projects Church Donation System affecting code-projects Church Donation System. Get real-time up

CVE-2025-7833: SQL Injection in code-projects Church Donation System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7833: SQL Injection in code-projects Church Donation System

A vulnerability classified as critical was found in code-projects Church Donation System 1.0. This vulnerability affects unknown code of the file /members/offering.php. The manipulation of the argument trcode leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7832 is a critical SQL Injection vulnerability identified in version 1.0 of the code-projects Church Donation System, specifically within the /members/offering.php file. The vulnerability arises due to improper sanitization or validation of the 'trcode' parameter, which is directly used in SQL queries. An attacker can remotely manipulate this parameter to inject malicious SQL code, potentially allowing unauthorized access to the underlying database. This can lead to unauthorized data disclosure, data modification, or even complete compromise of the database server. The vulnerability does not require authentication or user interaction, making it easier to exploit remotely. Although the CVSS v4.0 score is 6.9 (medium severity), the potential impact on confidentiality, integrity, and availability of the system is significant due to the nature of SQL injection attacks. The vulnerability affects only version 1.0 of the product, and no official patches or mitigations have been published yet. There are no known exploits in the wild at the time of publication, but the exploit details have been publicly disclosed, increasing the risk of exploitation by threat actors. The Church Donation System is likely used by religious organizations to manage donations, meaning that sensitive donor information and financial data could be at risk if exploited.

Detailed information about CVE-2025-7832: SQL Injection in code-projects Church Donation System affecting code-projects Church Donation System. Get real-time up

CVE-2025-7832: SQL Injection in code-projects Church Donation System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7832: SQL Injection in code-projects Church Donation System

A vulnerability classified as critical has been found in code-projects Church Donation System 1.0. This affects an unknown part of the file /members/Tithes.php. The manipulation of the argument trcode leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7831 is a critical SQL Injection vulnerability identified in version 1.0 of the code-projects Church Donation System, specifically within the /members/Tithes.php file. The vulnerability arises from improper sanitization or validation of the 'trcode' parameter, which is directly used in SQL queries. This flaw allows an unauthenticated remote attacker to inject malicious SQL code, potentially manipulating the backend database. The attack vector requires no authentication or user interaction, making exploitation straightforward. The vulnerability can lead to unauthorized data disclosure, data modification, or even complete compromise of the database, depending on the privileges of the database user. Although the CVSS 4.0 score is 6.9 (medium severity), the nature of SQL Injection vulnerabilities generally poses significant risks, especially when exploited remotely without any barriers. No official patches or fixes have been published yet, and while no known exploits are currently active in the wild, the public disclosure of the vulnerability increases the risk of exploitation. The vulnerability impacts the confidentiality, integrity, and availability of the affected system's data, with potential cascading effects on organizational operations and trust.

Detailed information about CVE-2025-7831: SQL Injection in code-projects Church Donation System affecting code-projects Church Donation System. Get real-time up

CVE-2025-7831: SQL Injection in code-projects Church Donation System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7831: SQL Injection in code-projects Church Donation System

A vulnerability was found in code-projects Church Donation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /reg.php. The manipulation of the argument mobile leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CVE-2025-7830 is a critical SQL Injection vulnerability identified in version 1.0 of the code-projects Church Donation System, specifically within the /reg.php file. The vulnerability arises from improper sanitization of the 'mobile' parameter, which allows an attacker to inject malicious SQL code remotely without requiring authentication or user interaction. This flaw can lead to unauthorized access to the backend database, enabling attackers to read, modify, or delete sensitive data related to church donations and donor information. The vulnerability may also affect other parameters, increasing the attack surface. Although the CVSS 4.0 base score is 6.9 (medium severity), the potential impact on confidentiality, integrity, and availability of critical donation system data is significant. The exploit has been publicly disclosed, increasing the risk of exploitation, although no known active exploits have been reported in the wild yet. The vulnerability does not require privileges or user interaction, making it easier to exploit remotely over the network. The lack of available patches or mitigations from the vendor further exacerbates the risk for organizations using this software.

Detailed information about CVE-2025-7830: SQL Injection in code-projects Church Donation System affecting code-projects Church Donation System. Get real-time up

CVE-2025-7830: SQL Injection in code-projects Church Donation System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7830: SQL Injection in code-projects Church Donation System

A vulnerability, which was classified as problematic, was found in PHPGurukul Complaint Management System 2.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Detailed information about CVE-2025-7834: Cross-Site Request Forgery in PHPGurukul Complaint Management System affecting PHPGurukul Complaint Management System.

CVE-2025-7834: Cross-Site Request Forgery in PHPGurukul Complaint Management System

CVE-2025-7834: Cross-Site Request Forgery in PHPGurukul Complaint Management System

Description

Technical Details

Related Threats

CVE-2025-7833: SQL Injection in code-projects Church Donation System

CVE-2025-7832: SQL Injection in code-projects Church Donation System

CVE-2025-7831: SQL Injection in code-projects Church Donation System

CVE-2025-7830: SQL Injection in code-projects Church Donation System

CVE-2025-7829: SQL Injection in code-projects Church Donation System

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility