High

DATE	CVE	VULNERABILITY TITLE	RISK
2024-07-26	CVE-2024-39304	SQL Injection vulnerability in Churchcrm ChurchCRM is an open-source church management system. network low complexity churchcrm CWE-89	8.8
2023-08-11	CVE-2020-28848	Injection vulnerability in Churchcrm 4.2.0 CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file. network low complexity churchcrm CWE-74	8.8
2023-08-08	CVE-2023-38760	SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component. network low complexity churchcrm CWE-89	7.5
2023-08-08	CVE-2023-38762	SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php. network low complexity churchcrm CWE-89	7.5
2023-08-08	CVE-2023-38764	SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php. network low complexity churchcrm CWE-89	7.5
2023-08-08	CVE-2023-38765	SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the membermonth parameter within the /QueryView.php. network low complexity churchcrm CWE-89	7.5
2023-08-08	CVE-2023-38767	SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the 'value' and 'custom' parameters within the /QueryView.php. network low complexity churchcrm CWE-89	7.5
2023-08-08	CVE-2023-38768	SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the PropertyID parameter within the /QueryView.php. network low complexity churchcrm CWE-89	7.5
2023-08-08	CVE-2023-38769	SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the searchstring and searchwhat parameters within the /QueryView.php. network low complexity churchcrm CWE-89	7.5
2023-08-08	CVE-2023-38770	SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the group parameter within the /QueryView.php. network low complexity churchcrm CWE-89	7.5