What is CVE-2025-1202?

A medium-severity SQL injection vulnerability has been discovered in Mayurik's Best Church Management Software. Organizations using version 1.1 must address this vulnerability to prevent exploitation.

What is the severity of CVE-2025-1202?

CVE-2025-1202 has a severity rating of MEDIUM with a CVSS base score of 5.3.

CVE-2025-1202 | Medium Vulnerability in Mayurik Best Church Management Software

A vulnerability classified as critical has been found in SourceCodester Best Church Management Software 1.1. This vulnerability allows an attacker to manipulate the argument id within the file /admin/edit_slider.php, leading to SQL injection. The potential for remote exploitation raises significant concerns for organizations utilizing this software. The exploit has been disclosed to the public, increasing the urgency for remediation.

The severity of this vulnerability is classified as medium based on the CVSS score of 5.3, indicating a moderate level of risk. Organizations should prioritize addressing this vulnerability to mitigate potential security breaches. Given the ease of exploitation and the impact it may have on data confidentiality and integrity, immediate attention is warranted.

Organizations should prioritize patching immediately. The nature of this vulnerability highlights a critical risk to data security, and failure to address it may lead to unauthorized access and potential data loss.

Given the public disclosure of the exploit, organizations are urged to take proactive measures to secure their software and prevent exploitation attempts. Regular security assessments and updates are essential in maintaining a secure environment.

Vulnerability Details

The vulnerability influences the Best Church Management Software version 1.1 developed by Mayurik. Officially, the vulnerability is categorized under CWE-89, which corresponds to SQL injection. It has a CVSS score of 5.3, indicating a medium severity level, with potential impacts on confidentiality, integrity, and availability. The vulnerability was published on February 12, 2025, and has been analyzed thoroughly.

Technical Analysis

The root cause of this vulnerability lies in improper input sanitation within the affected function of the software. Attackers may leverage SQL injection to manipulate database queries, potentially allowing unauthorized access to sensitive information. The attack vector is network-based, with a low attack complexity, requiring only low privileges and no user interaction. The potential impacts include low confidentiality and integrity, as well as availability concerns.

Risk & Impact Analysis

Risk to organizations includes the possibility of unauthorized access to sensitive data, which could lead to data breaches and compliance violations. The vulnerability's network exploitability increases the potential attack surface, making organizations using this software particularly vulnerable. Organizations should assess their risk exposure and prioritize remediation efforts accordingly.

Given the CVSS score and the nature of the vulnerability, organizations should address this issue within their priority patch cycle. The urgency of the situation is underscored by the potential for exploitation and the significant impact on organizational security.

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected version is Best Church Management Software 1.1 by Mayurik. Organizations should ensure they are using the latest versions or apply necessary patches to mitigate this vulnerability.

Mitigation & Remediation

Organizations should prioritize patching immediately. It is essential to update to the latest version of the Best Church Management Software to address this vulnerability. If a patch is unavailable, consider implementing workarounds, such as input validation and sanitization measures to secure the affected component. Regular security assessments and configuration hardening practices are also recommended.

Detection Guidance

Monitor for any unusual database activity and ensure logging is enabled for the affected components. Behavioral anomalies may indicate exploitation attempts. Implement network signatures to detect potential SQL injection attacks targeting this vulnerability.

AppSecure Threat Intelligence Insight

This vulnerability highlights the ongoing risks associated with SQL injection attacks. Organizations must be vigilant in their security practices, consistently reviewing application security measures. Following a robust penetration testing strategy can help identify weaknesses before they can be exploited. Additionally, adopting a comprehensive application security assessment program will enhance overall security posture. Finally, regular updates and security patches are vital for mitigating vulnerabilities in software.

For organizations using Mayurik's Best Church Management Software, proactive measures should include continuous monitoring and updating security practices to adapt to emerging threats.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-1202: Medium Vulnerability in Mayurik Best Church Management Software