Vulnerabilities > Church Management System Project > Church Management System
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-30 | CVE-2022-45328 | SQL Injection vulnerability in Church Management System Project Church Management System 1.0 Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_members.php. | 7.2 |
| 2022-10-12 | CVE-2022-41406 | Unrestricted Upload of File with Dangerous Type vulnerability in Church Management System Project Church Management System 1.0 An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | 7.2 |
| 2022-06-13 | CVE-2021-41661 | SQL Injection vulnerability in Church Management System Project Church Management System 1.0 Church Management System version 1.0 is affected by a SQL anjection vulnerability through creating a user with a PHP file as an avatar image, which is accessible through the /uploads directory. | 7.5 |
| 2021-10-29 | CVE-2021-41643 | Unrestricted Upload of File with Dangerous Type vulnerability in Church Management System Project Church Management System 1.0 Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via the image upload field. | 7.5 |