CVE-2025-67751 | ChurchCRM up to 6.4.x EventEditor.php EN_tyid sql injection (GHSA-wxcc-gvfv-56fg)

A vulnerability was found in ChurchCRM up to 6.4.x. It has been declared as critical. The impacted element is an unknown function of the file EventEditor.php. The manipulation of the argument EN_tyid results in sql injection.

This vulnerability is reported as CVE-2025-67751. The attack can be launched remotely. No exploit exists.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More