Vulnerabilities > Churchcrm > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-18 | CVE-2025-1023 | SQL Injection vulnerability in Churchcrm A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a time-based blind SQL Injection vulnerability in the EditEventTypes functionality. | 9.8 |
| 2024-11-22 | CVE-2024-53438 | SQL Injection vulnerability in Churchcrm 5.7.0 EventAttendance.php in ChurchCRM 5.7.0 is vulnerable to SQL injection. | 9.8 |