DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-08-08 | CVE-2023-38760 | SQL Injection vulnerability in ChurchCRM 5.0.0 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component. | 7.5 |
2023-08-08 | CVE-2023-38761 | Cross-site Scripting vulnerability in ChurchCRM 5.0.0 | Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the systemSettings.php component. | 6.1 |
2023-08-08 | CVE-2023-38762 | SQL Injection vulnerability in ChurchCRM 5.0.0 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php. | 7.5 |
2023-08-08 | CVE-2023-38763 | SQL Injection vulnerability in ChurchCRM 5.0.0 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint. | 6.5 |
2023-08-08 | CVE-2023-38764 | SQL Injection vulnerability in ChurchCRM 5.0.0 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php. | 7.5 |
2023-08-08 | CVE-2023-38765 | SQL Injection vulnerability in ChurchCRM 5.0.0 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the membermonth parameter within the /QueryView.php. | 7.5 |
2023-08-08 | CVE-2023-38766 | Cross-site Scripting vulnerability in ChurchCRM 5.0.0 | Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the PersonView.php component. | 5.4 |
2023-08-08 | CVE-2023-38767 | SQL Injection vulnerability in ChurchCRM 5.0.0 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the 'value' and 'custom' parameters within the /QueryView.php. | 7.5 |
2023-08-08 | CVE-2023-38768 | SQL Injection vulnerability in ChurchCRM 5.0.0 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the PropertyID parameter within the /QueryView.php. | 7.5 |
2023-08-08 | CVE-2023-38769 | SQL Injection vulnerability in ChurchCRM 5.0.0 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the searchstring and searchwhat parameters within the /QueryView.php. | 7.5 |