CVE-2025-68400 | ChurchCRM up to 6.5.2 Legacy Endpoint ConfirmReportEmail.php familyId SQL injection
A vulnerability described as critical has been identified in ChurchCRM up to 6.5.2. It affects unknown code in the file /Reports/ConfirmReportEmail.php of the component Legacy Endpoint. Manipulating the argument familyId leads to SQL injection.
This vulnerability is documented as CVE-2025-68400. The attack can be executed remotely. No exploit is available.
Upgrading the affected component is recommended.