Skip to content
High Published: Dec 16, 2025

CVE-2025-67751

7.2 CVSS Score High
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Export CVE-2025-67751 Data:
Share:
Link copied!

Description

ChurchCRM is an open-source church management system. Prior to version 6.5.0, a SQL injection vulnerability exists in the `EventEditor.php` file. When creating a new event and selecting an event type, the `EN_tyid` POST parameter is not sanitized. This allows an authenticated user with event management permissions (`isAddEvent`) to execute arbitrary SQL queries. Version 6.5.0 fixes the issue.

CVSS Vector Details

Attack Vector Network
Attack Complexity Low
Privileges Required High
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Weaknesses (CWE)

  • CWE-89

References & External Links

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More

Related Vulnerabilities

CVE-2002-0999 CVSS 0 Same weakness: CWE-89 CVE-2002-2252 CVSS 0 Same weakness: CWE-89 CVE-2002-2277 CVSS 0 Same weakness: CWE-89 CVE-2002-2304 CVSS 0 Same weakness: CWE-89 CVE-2002-2305 CVSS 0 Same weakness: CWE-89

CVE History Timeline

Dec 16, 2025 01:15 New CVE Received
← Back to CVE Tracker