This vulnerability (tracked under CVE-2018-25176 ) remains a high-risk issue for organizations still using legacy versions of this software. To protect systems, security professionals at SentinelOne and VulnCheck recommend the following:
The exploit targets a search endpoint where the key parameter is improperly sanitized. An attacker can use this to execute arbitrary SQL queries, potentially leaking sensitive parishioner data or bypassing authentication entirely. 45840.rar
in the images/uploaded directory to prevent uploaded shells from running. This vulnerability (tracked under CVE-2018-25176 ) remains a
to block common SQL injection patterns.