Login Sign Up

CVE-2025-7860

7.3 HIGH
SQL Injection Authentication Bypass

📋 TL;DR

A critical SQL injection vulnerability exists in the Church Donation System 1.0's admin login page. Attackers can manipulate the Username parameter to execute arbitrary SQL commands, potentially compromising the database. This affects all deployments of Church Donation System 1.0 with the vulnerable login_admin.php file.

💻 Affected Systems

Products:
  • Church Donation System
Versions: 1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the /members/login_admin.php file specifically. Any installation with this file is vulnerable.

📦 What is this software?

Church Donation System by Carmelo

View all CVEs affecting Church Donation System →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, authentication bypass, privilege escalation, and potential remote code execution on the underlying server.

🟠

Likely Case

Unauthorized access to sensitive donation records, user data, and administrative functions through SQL injection.

🟢

If Mitigated

Limited impact with proper input validation, parameterized queries, and network segmentation in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available on GitHub. SQL injection in login forms is commonly weaponized.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://code-projects.org/

Restart Required: No

Instructions:

1. Check vendor website for updates. 2. If no patch, implement workarounds or consider alternative software.

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Add server-side validation to sanitize Username input before processing.

Modify login_admin.php to use prepared statements with parameterized queries.

Web Application Firewall (WAF)

all

Deploy a WAF to block SQL injection patterns targeting the login endpoint.

Configure WAF rules to detect and block SQLi attempts on /members/login_admin.php

🧯 If You Can't Patch

  • Isolate the system on a segmented network with strict access controls.
  • Disable or restrict access to /members/login_admin.php if admin functions are not needed.

🔍 How to Verify

Check if Vulnerable:

Test the login_admin.php endpoint with SQL injection payloads in the Username parameter (e.g., ' OR '1'='1).

Check Version:

Check the software version in the system's admin panel or configuration files.

Verify Fix Applied:

Verify that SQL injection attempts no longer succeed and that prepared statements are implemented in the code.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in web server logs
  • Multiple failed login attempts with SQL-like patterns

Network Indicators:

  • HTTP requests to /members/login_admin.php containing SQL keywords (UNION, SELECT, etc.)

SIEM Query:

source="web_logs" AND uri="/members/login_admin.php" AND (payload="' OR" OR payload="UNION" OR payload="SELECT")

📊 Metadata

CVE ID: CVE-2025-7860
CVSS v3 Score: 7.3 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-74
EPSS Score: 0.03% exploit probability (8.9th percentile)
Published: July 20, 2025
Last Updated: July 29, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-7860, you might also want to check these:

CVE-2026-25520 10.0

SandboxJS versions before 0.8.29 have a critical sandbox escape vulnerability that allows attackers ...

Same vulnerability type (CWE-74)
CVE-2026-25586 10.0

This CVE describes a sandbox escape vulnerability in SandboxJS library versions before 0.8.29. Attac...

Same vulnerability type (CWE-74)
CVE-2025-20281 10.0

An unauthenticated remote code execution vulnerability in Cisco ISE and ISE-PIC API allows attackers...

Same vulnerability type (CWE-74)