How severe is CVE-2025-1135?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2025-1135?

This is classified as CWE-89, which is a common weakness in software security.

CVE-2025-1135 - CRITICAL Severity | CVSS 7.2

Vulnerability Description

A vulnerability exists in ChurchCRM 5.13.0. and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the BatchWinnerEntry functionality. The CurrentFundraiser parameter is directly concatenated into an SQL query without sufficient sanitization, allowing an attacker to manipulate database queries and execute arbitrary commands, potentially leading to data exfiltration, modification, or deletion. Please note the vulnerability requires Administrator privileges.

Related Vulnerabilities

CVE-2006-5738

HIGH

CVSS:7.2(High)

Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors.

CWE-892006

CVE-2014-6045

HIGH

CVSS:7.2(High)

SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function.

CWE-892014

CVE-2015-10091

HIGH

CVSS:7.2(High)

A vulnerability has been found in ByWater Solutions bywater-koha-xslt and classified as critical. This vulnerability affects the function StringSearch of the file admin/systempreferences.pl. The manip...

CWE-892015

CVE-2015-2062

HIGH

CVSS:7.2(High)

Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-image) plugin before 2.7.0 for WordPress allow remote administrators to execute arbitrary SQL commands via the removeslide paramete...

CWE-892015

CVE-2015-5533

HIGH

CVSS:7.2(High)

SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep_...

CWE-892015

CVE-2015-5591

HIGH

CVSS:7.2(High)

SQL injection vulnerability in Zenphoto before 1.4.9 allow remote administrators to execute arbitrary SQL commands.

CWE-892015