Vulnerabilities > Churchcrm > Churchcrm > 4.3.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-09 | CVE-2023-24684 | SQL Injection vulnerability in Churchcrm ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the EID parameter at GetText.php. | 7.2 |
2023-02-09 | CVE-2023-24685 | SQL Injection vulnerability in Churchcrm ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module. | 7.2 |
2023-02-09 | CVE-2023-24686 | Cross-site Scripting vulnerability in Churchcrm An issue in the CSV Import function of ChurchCRM v4.5.3 and below allows attackers to execute arbitrary code via importing a crafted CSV file. | 4.8 |
2023-02-09 | CVE-2023-24690 | Cross-site Scripting vulnerability in Churchcrm ChurchCRM 4.5.3 and below was discovered to contain a stored cross-site scripting (XSS) vulnerability at /api/public/register/family. | 5.4 |