Vulnerabilities > Churchcrm

DATE	CVE	VULNERABILITY TITLE	RISK
2023-08-08	CVE-2023-38768	SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the PropertyID parameter within the /QueryView.php. network low complexity churchcrm CWE-89	7.5
2023-08-08	CVE-2023-38769	SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the searchstring and searchwhat parameters within the /QueryView.php. network low complexity churchcrm CWE-89	7.5
2023-08-08	CVE-2023-38770	SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the group parameter within the /QueryView.php. network low complexity churchcrm CWE-89	7.5
2023-08-08	CVE-2023-38771	SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp parameter within the /QueryView.php. network low complexity churchcrm CWE-89	7.5
2023-08-08	CVE-2023-38773	SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp1 and volopp2 parameters within the /QueryView.php. network low complexity churchcrm CWE-89	7.5
2023-06-29	CVE-2023-33661	Cross-site Scripting vulnerability in Churchcrm 4.5.3 Multiple cross-site scripting (XSS) vulnerabilities were discovered in Church CRM v4.5.3 in GroupReports.php via GroupRole, ReportModel, and OnlyCart parameters. network low complexity churchcrm CWE-79	6.1
2023-05-31	CVE-2023-26842	Cross-site Scripting vulnerability in Churchcrm 4.5.3 A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php. network low complexity churchcrm CWE-79	5.4
2023-05-31	CVE-2023-31548	Cross-site Scripting vulnerability in Churchcrm 4.5.3 A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. network low complexity churchcrm CWE-79	5.4
2023-05-17	CVE-2023-31699	Cross-site Scripting vulnerability in Churchcrm 4.5.4 ChurchCRM v4.5.4 is vulnerable to Reflected Cross-Site Scripting (XSS) via image file. network low complexity churchcrm CWE-79	4.8
2023-05-04	CVE-2023-29842	SQL Injection vulnerability in Churchcrm 4.5.4 ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter. network low complexity churchcrm CWE-89	8.8

Vulnerabilities > Churchcrm {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Churchcrm"}]}

Vulnerabilities > Churchcrm