Vulnerabilities > Churchcrm

DATE	CVE	VULNERABILITY TITLE	RISK
2023-05-04	CVE-2023-29842	SQL Injection vulnerability in Churchcrm 4.5.4 ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter. network low complexity churchcrm CWE-89	8.8
2023-04-25	CVE-2023-25346	Cross-site Scripting vulnerability in Churchcrm 4.5.3 A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found. network low complexity churchcrm CWE-79	6.1
2023-04-25	CVE-2023-25347	Cross-site Scripting vulnerability in Churchcrm 4.5.3 A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3, allows remote attackers to inject arbitrary web script or HTML via input fields. network low complexity churchcrm CWE-79	5.4
2023-04-25	CVE-2023-25348	Improper Neutralization of Formula Elements in a CSV File vulnerability in Churchcrm 4.5.3 ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. local low complexity churchcrm CWE-1236	7.8
2023-04-25	CVE-2023-26839	Cross-Site Request Forgery (CSRF) vulnerability in Churchcrm 4.5.3 A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to edit information for existing people on the site. network low complexity churchcrm CWE-352	4.3
2023-04-25	CVE-2023-26840	Cross-Site Request Forgery (CSRF) vulnerability in Churchcrm 4.5.3 A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to set a person to a user and set that user to be an Administrator. network high complexity churchcrm CWE-352	5.3
2023-04-25	CVE-2023-26841	Cross-Site Request Forgery (CSRF) vulnerability in Churchcrm 4.5.3 A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to change any user's password except for the user that is currently logged in. network low complexity churchcrm CWE-352	6.5
2023-04-25	CVE-2023-26843	Cross-site Scripting vulnerability in Churchcrm 4.5.3 A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php. network low complexity churchcrm CWE-79	5.4
2023-03-16	CVE-2023-27059	Cross-site Scripting vulnerability in Churchcrm 4.5.3 A cross-site scripting (XSS) vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field. network low complexity churchcrm CWE-79	5.4
2023-02-09	CVE-2023-24684	SQL Injection vulnerability in Churchcrm ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the EID parameter at GetText.php. network low complexity churchcrm CWE-89	7.2

Vulnerabilities > Churchcrm {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Churchcrm"}]}

Vulnerabilities > Churchcrm