Show filters
46 Total Results
Displaying 41-46 of 46
Sort by:
Attacker Value
Unknown

CVE-2023-24685

Disclosure Date: February 09, 2023 (last updated February 24, 2025)
ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-24684

Disclosure Date: February 09, 2023 (last updated February 24, 2025)
ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the EID parameter at GetText.php.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-36137

Disclosure Date: November 29, 2022 (last updated February 24, 2025)
ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input sHeader.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-36136

Disclosure Date: November 29, 2022 (last updated February 24, 2025)
ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input Deposit Comment.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-31325

Disclosure Date: June 08, 2022 (last updated February 23, 2025)
There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/WhyCameEditor.php.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-41965

Disclosure Date: May 15, 2022 (last updated February 23, 2025)
A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated attacker to issue an arbitrary SQL command to the database through the unsanitized EN_tyid, theID and EID fields used when an Edit action on an existing record is being performed.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
View More Topics  < Previous