CVE-2025-66396 | ChurchCRM up to 6.5.2 src/UserEditor.php Type sql injection

A vulnerability labeled as critical has been found in ChurchCRM up to 6.5.2. This affects an unknown function of the file src/UserEditor.php. Such manipulation of the argument Type leads to sql injection.

This vulnerability is traded as CVE-2025-66396. The attack may be launched remotely. There is no exploit available.

The affected component should be upgraded.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.VulDB Recent EntriesRead More