Baptism Information Management System
Monthly
SQL injection in itsourcecode Baptism Information Management System 1.0 exposes database contents to remote unauthenticated attackers via the ID parameter in /editBaptism.php. A publicly available proof-of-concept exploit exists on GitHub, enabling data exfiltration or modification without any credentials or user interaction. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/E:P) confirms low-complexity remote exploitation with no special conditions required, and no vendor-released patch has been identified.
SQL injection in itsourcecode Baptism Information Management System 1.0 exposes the `/delbaptism.php` endpoint to remote database manipulation via an unsanitized `ID` parameter. The CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:N) confirms this requires no authentication or user interaction against any network-accessible instance. A public proof-of-concept exploit exists on GitHub, making this immediately weaponizable against any exposed deployment, though the application is not listed in CISA KEV and its niche footprint substantially limits aggregate exposure.
SQL injection in itsourcecode Baptism Information Management System 1.0 exposes database contents to remote unauthenticated attackers via the ID parameter in /editBaptism.php. A publicly available proof-of-concept exploit exists on GitHub, enabling data exfiltration or modification without any credentials or user interaction. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/E:P) confirms low-complexity remote exploitation with no special conditions required, and no vendor-released patch has been identified.
SQL injection in itsourcecode Baptism Information Management System 1.0 exposes the `/delbaptism.php` endpoint to remote database manipulation via an unsanitized `ID` parameter. The CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:N) confirms this requires no authentication or user interaction against any network-accessible instance. A public proof-of-concept exploit exists on GitHub, making this immediately weaponizable against any exposed deployment, though the application is not listed in CISA KEV and its niche footprint substantially limits aggregate exposure.