CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2606 – SourceCodester Best Church Management Software soulwinning_crud.php unrestricted upload
https://notcve.org/view.php?id=CVE-2025-2606
21 Mar 2025 — A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/soulwinning_crud.php. The manipulation of the argument photo/photo1 leads to unrestricted upload. The attack can be launched remotely. • https://github.com/Hefei-Coffee/cve/issues/15 • CWE-284: Improper Access Control CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1599 – SourceCodester Best Church Management Software profile_crud.php path traversal
https://notcve.org/view.php?id=CVE-2025-1599
24 Feb 2025 — A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/app/profile_crud.php. The manipulation of the argument old_cat_img leads to path traversal: '../filedir'. • https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/best-church-management-software-Delete-any-file.md • CWE-23: Relative Path Traversal CWE-24: Path Traversal: '../filedir' •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1598 – SourceCodester Best Church Management Software asset_crud.php unrestricted upload
https://notcve.org/view.php?id=CVE-2025-1598
23 Feb 2025 — A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/asset_crud.php. The manipulation of the argument photo1 leads to unrestricted upload. The attack can be launched remotely. • https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/best-church-management-software-Arbitrary-File-Upload.md • CWE-284: Improper Access Control CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1597 – SourceCodester Best Church Management Software redirect.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-1597
23 Feb 2025 — A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/redirect.php. The manipulation of the argument a leads to cross site scripting. It is possible to launch the attack remotely. • https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/best-church-management-software-xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1596 – SourceCodester Best Church Management Software fpassword.php sql injection
https://notcve.org/view.php?id=CVE-2025-1596
23 Feb 2025 — A vulnerability was found in SourceCodester Best Church Management Software 1.0 and classified as critical. This issue affects some unknown processing of the file /fpassword.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/best-church-management-software-sql.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •