What is CVE-2025-1199?

A medium-severity SQL injection vulnerability exists in SourceCodester's Best Church Management Software. Organizations should prioritize remediation to mitigate risks associated with this vulnerability.

What is the severity of CVE-2025-1199?

CVE-2025-1199 has a severity rating of MEDIUM with a CVSS base score of 5.3.

CVE-2025-1199 | Medium Vulnerability in Mayurik Best Church Management Software

A vulnerability was found in SourceCodester Best Church Management Software 1.1. It has been classified as critical. This affects an unknown part of the file /admin/app/role_crud.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

The vulnerability has a CVSS score of 5.3, indicating a medium severity level. Organizations using this software should be aware of the potential risk to their systems and data.

Risk to organizations includes unauthorized access and data manipulation, leading to potential operational disruptions. Organizations should prioritize patching immediately.

The vulnerability has been publicly disclosed, which increases the likelihood of exploitation. Therefore, it is crucial for organizations to address this issue as part of their security management strategies.

Vulnerability Details

A vulnerability was found in SourceCodester Best Church Management Software 1.1. It has been classified as critical. This affects an unknown part of the file /admin/app/role_crud.php. The manipulation of the argument id leads to SQL injection. This vulnerability is classified under CWE-89.

The CVSS score is 5.3, indicating a medium severity level. The score reflects low attack complexity and low privileges required for exploitation, making it accessible for attackers.

The vulnerability was published on February 12, 2025, and has been categorized under the weaknesses CWE-74 and CWE-89.

Technical Analysis

The root cause of this vulnerability is improper input validation in the affected file. Attackers may leverage SQL injection techniques to manipulate the database through the affected parameter.

The attack vector is network-based, allowing remote exploitation without requiring user interaction. The attack complexity is low, and it requires only low privileges, making this vulnerability particularly concerning.

The vulnerability could lead to confidentiality, integrity, and availability impacts, albeit at a low level. Organizations must remain vigilant to detect and mitigate such attacks.

Risk & Impact Analysis

Real-world deployment risk for this vulnerability includes potential database compromise and unauthorized data access. Organizations must understand that even medium-severity vulnerabilities can have significant impacts, especially in environments handling sensitive information.

The blast radius of this vulnerability could extend to all instances of the affected software, making it crucial for organizations to address this vulnerability in their patch management cycle.

Organizations should address this vulnerability in their priority patch cycle to mitigate risks effectively.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected product is SourceCodester Best Church Management Software version 1.1. Organizations should consider all versions prior to vendor patch as vulnerable.

Mitigation & Remediation

Organizations should prioritize patching by upgrading to the latest version of Best Church Management Software. If a patch is not available, consider implementing input validation and sanitization measures to mitigate SQL injection risks.

For additional guidance on security testing, organizations can explore penetration testing services to identify and address similar vulnerabilities.

Detection Guidance

Monitoring for unusual database queries and unexpected changes in data integrity can help in detecting potential exploitation of this vulnerability. Organizations should maintain logs of access attempts and analyze for behavioral anomalies.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability highlights the necessity for organizations to adopt robust security testing methodologies. As SQL injection remains a common attack vector, it reinforces the importance of secure coding practices.

Organizations should focus on patterns in vulnerability disclosures to enhance their security posture. Regularly reviewing and updating security controls can mitigate risks associated with newly discovered vulnerabilities.

For comprehensive strategies, security teams can refer to resources such as penetration testing methodology and best practices for vulnerability management.

In conclusion, effective risk management and proactive security measures are vital to mitigating the impact of this and similar vulnerabilities.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-1199: Medium Vulnerability in Mayurik Best Church Management Software