Vulnerabilities > Churchcrm > Churchcrm > 5.0.0

DATE CVE VULNERABILITY TITLE RISK
2023-08-08 CVE-2023-38760 SQL Injection vulnerability in Churchcrm 5.0.0
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component.
network
low complexity
churchcrm CWE-89
7.5
7.5
2023-08-08 CVE-2023-38761 Cross-site Scripting vulnerability in Churchcrm 5.0.0
Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the systemSettings.php component.
network
low complexity
churchcrm CWE-79
6.1
6.1
2023-08-08 CVE-2023-38762 SQL Injection vulnerability in Churchcrm 5.0.0
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php.
network
low complexity
churchcrm CWE-89
7.5
7.5
2023-08-08 CVE-2023-38763 SQL Injection vulnerability in Churchcrm 5.0.0
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint.
network
low complexity
churchcrm CWE-89
6.5
6.5
2023-08-08 CVE-2023-38764 SQL Injection vulnerability in Churchcrm 5.0.0
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php.
network
low complexity
churchcrm CWE-89
7.5
7.5
2023-08-08 CVE-2023-38765 SQL Injection vulnerability in Churchcrm 5.0.0
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the membermonth parameter within the /QueryView.php.
network
low complexity
churchcrm CWE-89
7.5
7.5
2023-08-08 CVE-2023-38766 Cross-site Scripting vulnerability in Churchcrm 5.0.0
Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the PersonView.php component.
network
low complexity
churchcrm CWE-79
5.4
5.4
2023-08-08 CVE-2023-38767 SQL Injection vulnerability in Churchcrm 5.0.0
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the 'value' and 'custom' parameters within the /QueryView.php.
network
low complexity
churchcrm CWE-89
7.5
7.5
2023-08-08 CVE-2023-38768 SQL Injection vulnerability in Churchcrm 5.0.0
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the PropertyID parameter within the /QueryView.php.
network
low complexity
churchcrm CWE-89
7.5
7.5
2023-08-08 CVE-2023-38769 SQL Injection vulnerability in Churchcrm 5.0.0
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the searchstring and searchwhat parameters within the /QueryView.php.
network
low complexity
churchcrm CWE-89
7.5
7.5