A vulnerability classified as critical has been found in ChurchCRM 5.5.0. It affects some unknown functionality of the file FRCatalog.php of the component GET Parameter Handler. Manipulating the argument CurrentFundraiser leads to SQL injection.
This vulnerability is tracked as CVE-2024-25897. The attack must be launched from within the local network. No exploit is available.
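
A defender-side check for the issue described above, added here as an example and not taken from ChurchCRM or from the advisory: it scans web access-log lines for requests to FRCatalog.php whose CurrentFundraiser value is not a plain integer. It assumes the parameter normally carries a numeric ID and that the server writes common/combined-format logs; the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request field of a common/combined-format access-log line (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
SCRIPT = "frcatalog.php"       # file named in the advisory, compared case-insensitively
PARAM = "CurrentFundraiser"    # argument named in the advisory
NUMERIC = re.compile(r"\d+")   # assumption: legitimate values are integer IDs


def fully_unquote(value, rounds=3):
    """Strip up to `rounds` layers of percent-encoding to expose double-encoded input."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_values(log_line):
    """Return the non-numeric CurrentFundraiser values requested in one log line."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    parts = urlsplit(match.group("target"))
    if not parts.path.lower().endswith("/" + SCRIPT):
        return []
    values = parse_qs(parts.query).get(PARAM, [])  # parse_qs decodes one layer
    return [v for v in map(fully_unquote, values) if not NUMERIC.fullmatch(v)]


def scan(lines):
    """Return (line_number, values) for every line carrying a suspicious value."""
    hits = [(n, suspicious_values(line)) for n, line in enumerate(lines, 1)]
    return [(n, bad) for n, bad in hits if bad]


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Mar/2024:10:00:00 +0000] "GET /FRCatalog.php?CurrentFundraiser=12 HTTP/1.1" 200 5120',
    '10.0.0.9 - - [01/Mar/2024:10:02:11 +0000] "GET /churchcrm/FRCatalog.php?CurrentFundraiser=12%27 HTTP/1.1" 500 310',
    '10.0.0.9 - - [01/Mar/2024:10:02:15 +0000] "GET /FRCatalog.php?CurrentFundraiser=12%2527 HTTP/1.1" 200 5120',
    '10.0.0.7 - - [01/Mar/2024:10:03:40 +0000] "GET /Menu.php?CurrentFundraiser=abc HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, values in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric {PARAM} value(s): {values}")
```

A hit means the request deserves review, not that injection succeeded; pair it with the response status and the database error log before drawing conclusions.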