Vulnerabilities > Churchcrm > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2025-02-19 | CVE-2025-1132 | SQL Injection vulnerability in Churchcrm | A time-based blind SQL Injection vulnerability exists in the ChurchCRM 5.13.0 and prior EditEventAttendees.php within the EN_tyid parameter. | network | low complexity | churchcrm | CWE-89 | 8.8 |
| 2025-02-19 | CVE-2025-1133 | SQL Injection vulnerability in Churchcrm | A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based blind SQL Injection vulnerability in the EditEventAttendees functionality. | network | low complexity | churchcrm | CWE-89 | 7.2 |
| 2025-02-19 | CVE-2025-1134 | SQL Injection vulnerability in Churchcrm | A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the DonatedItemEditor functionality. | network | low complexity | churchcrm | CWE-89 | 7.2 |
| 2025-02-19 | CVE-2025-1135 | SQL Injection vulnerability in Churchcrm | A vulnerability exists in ChurchCRM 5.13.0. | network | low complexity | churchcrm | CWE-89 | 7.2 |
| 2024-07-26 | CVE-2024-39304 | SQL Injection vulnerability in Churchcrm | ChurchCRM is an open-source church management system. | network | low complexity | churchcrm | CWE-89 | 8.8 |
| 2023-08-11 | CVE-2020-28848 | Injection vulnerability in Churchcrm 4.2.0 | CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file. | network | low complexity | churchcrm | CWE-74 | 8.8 |
| 2023-08-08 | CVE-2023-38760 | SQL Injection vulnerability in Churchcrm 5.0.0 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component. | network | low complexity | churchcrm | CWE-89 | 7.5 |
| 2023-08-08 | CVE-2023-38762 | SQL Injection vulnerability in Churchcrm 5.0.0 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php. | network | low complexity | churchcrm | CWE-89 | 7.5 |
| 2023-08-08 | CVE-2023-38764 | SQL Injection vulnerability in Churchcrm 5.0.0 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php. | network | low complexity | churchcrm | CWE-89 | 7.5 |
| 2023-08-08 | CVE-2023-38765 | SQL Injection vulnerability in Churchcrm 5.0.0 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the membermonth parameter within the /QueryView.php. | network | low complexity | churchcrm | CWE-89 | 7.5 |