Vulnerabilities > Churchcrm > Churchcrm > 5.0.0

DATE CVE VULNERABILITY TITLE RISK
2023-08-08 CVE-2023-38770 SQL Injection vulnerability in Churchcrm 5.0.0
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the group parameter within the /QueryView.php.
network
low complexity
churchcrm CWE-89
7.5
7.5
2023-08-08 CVE-2023-38771 SQL Injection vulnerability in Churchcrm 5.0.0
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp parameter within the /QueryView.php.
network
low complexity
churchcrm CWE-89
7.5
7.5
2023-08-08 CVE-2023-38773 SQL Injection vulnerability in Churchcrm 5.0.0
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp1 and volopp2 parameters within the /QueryView.php.
network
low complexity
churchcrm CWE-89
7.5
7.5