Vulnerabilities > Churchcrm > Churchcrm > 4.4.5

DATE CVE VULNERABILITY TITLE RISK
2023-02-09 CVE-2023-24684 SQL Injection vulnerability in Churchcrm
ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the EID parameter at GetText.php.
network
low complexity
churchcrm CWE-89
7.2
7.2
2023-02-09 CVE-2023-24685 SQL Injection vulnerability in Churchcrm
ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module.
network
low complexity
churchcrm CWE-89
7.2
7.2
2023-02-09 CVE-2023-24686 Cross-site Scripting vulnerability in Churchcrm
An issue in the CSV Import function of ChurchCRM v4.5.3 and below allows attackers to execute arbitrary code via importing a crafted CSV file.
network
low complexity
churchcrm CWE-79
4.8
4.8
2023-02-09 CVE-2023-24690 Cross-site Scripting vulnerability in Churchcrm
ChurchCRM 4.5.3 and below was discovered to contain a stored cross-site scripting (XSS) vulnerability at /api/public/register/family.
network
low complexity
churchcrm CWE-79
5.4
5.4
2022-11-29 CVE-2022-36136 Cross-site Scripting vulnerability in Churchcrm 4.4.5
ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input Deposit Comment.
network
low complexity
churchcrm CWE-79
4.8
4.8
2022-11-29 CVE-2022-36137 Cross-site Scripting vulnerability in Churchcrm 4.4.5
ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input sHeader.
network
low complexity
churchcrm CWE-79
4.8
4.8
2022-06-08 CVE-2022-31325 SQL Injection vulnerability in Churchcrm 4.4.5
There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/WhyCameEditor.php.
network
low complexity
churchcrm CWE-89
7.2
7.2