CVE Details
Basic Information
| Title | code-projects Church Donation System edit_Members.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-07-21T15:32:05.745Z |
| Modified | 2025-07-21T15:46:21.162Z |
Product Information
| Vendor | code-projects |
|---|---|
| Product | Church Donation System |
| Version | 1.0 |
CVSS Information
| Base Score | 6.9 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | A SQL injection vulnerability exists in the Church Donation System version 1.0, allowing remote attackers to inject malicious SQL code through the ‘fname’ argument in edit_Members.php. |
|---|---|
| AI Severity | Medium |
| AI Vendor | code-projects |
| AI Product | Church Donation System |
| AI Version | 1.0 |
Affected Products
- code-projects Church Donation System 1.0
Additional Information
| CWE List | CWE-89, CWE-74 |
|---|---|
| Source | VulDB |
Description
A vulnerability was found in code-projects Church Donation System 1.0. It has been classified as critical. Affected is an unknown function of the file /members/edit_Members.php. The manipulation of the argument fname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.