CVE-2025-67877 | CRMChurchCRM up to 6.5.2 POST Parameter src/CartToFamily.php InputUtils PersonAddress sql injection

A vulnerability classified as critical was found in CRMChurchCRM up to 6.5.2. Impacted is the function InputUtils of the file src/CartToFamily.php of the component POST Parameter Handler. Executing manipulation of the argument PersonAddress can lead to sql injection.

This vulnerability appears as CVE-2025-67877. The attack may be performed from remote. There is no available exploit.

Upgrading the affected component is advised.VulDB Recent EntriesRead More