Vulnerabilities > Churchcrm

DATE CVE VULNERABILITY TITLE RISK
2023-08-08 CVE-2023-38767 SQL Injection vulnerability in Churchcrm 5.0.0
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the 'value' and 'custom' parameters within the /QueryView.php.
network
low complexity
churchcrm CWE-89
7.5
2023-08-08 CVE-2023-38768 SQL Injection vulnerability in Churchcrm 5.0.0
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the PropertyID parameter within the /QueryView.php.
network
low complexity
churchcrm CWE-89
7.5
2023-08-08 CVE-2023-38769 SQL Injection vulnerability in Churchcrm 5.0.0
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the searchstring and searchwhat parameters within the /QueryView.php.
network
low complexity
churchcrm CWE-89
7.5
2023-08-08 CVE-2023-38770 SQL Injection vulnerability in Churchcrm 5.0.0
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the group parameter within the /QueryView.php.
network
low complexity
churchcrm CWE-89
7.5
2023-08-08 CVE-2023-38771 SQL Injection vulnerability in Churchcrm 5.0.0
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp parameter within the /QueryView.php.
network
low complexity
churchcrm CWE-89
7.5
2023-08-08 CVE-2023-38773 SQL Injection vulnerability in Churchcrm 5.0.0
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp1 and volopp2 parameters within the /QueryView.php.
network
low complexity
churchcrm CWE-89
7.5
2023-06-29 CVE-2023-33661 Cross-site Scripting vulnerability in Churchcrm 4.5.3
Multiple cross-site scripting (XSS) vulnerabilities were discovered in Church CRM v4.5.3 in GroupReports.php via GroupRole, ReportModel, and OnlyCart parameters.
network
low complexity
churchcrm CWE-79
6.1
2023-05-31 CVE-2023-26842 Cross-site Scripting vulnerability in Churchcrm 4.5.3
A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php.
network
low complexity
churchcrm CWE-79
5.4
2023-05-31 CVE-2023-31548 Cross-site Scripting vulnerability in Churchcrm 4.5.3
A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
network
low complexity
churchcrm CWE-79
5.4
2023-05-17 CVE-2023-31699 Cross-site Scripting vulnerability in Churchcrm 4.5.4
ChurchCRM v4.5.4 is vulnerable to Reflected Cross-Site Scripting (XSS) via image file.
network
low complexity
churchcrm CWE-79
4.8