Vulnerabilities > Churchcrm > High

DATE CVE VULNERABILITY TITLE RISK
2023-08-08 CVE-2023-38771 SQL Injection vulnerability in Churchcrm 5.0.0
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp parameter within the /QueryView.php.
network
low complexity
churchcrm CWE-89
7.5
2023-08-08 CVE-2023-38773 SQL Injection vulnerability in Churchcrm 5.0.0
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp1 and volopp2 parameters within the /QueryView.php.
network
low complexity
churchcrm CWE-89
7.5
2023-05-04 CVE-2023-29842 SQL Injection vulnerability in Churchcrm 4.5.4
ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter.
network
low complexity
churchcrm CWE-89
8.8
2023-04-25 CVE-2023-25348 Improper Neutralization of Formula Elements in a CSV File vulnerability in Churchcrm 4.5.3
ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person.
local
low complexity
churchcrm CWE-1236
7.8
2023-02-09 CVE-2023-24684 SQL Injection vulnerability in Churchcrm
ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the EID parameter at GetText.php.
network
low complexity
churchcrm CWE-89
7.2
2023-02-09 CVE-2023-24685 SQL Injection vulnerability in Churchcrm
ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module.
network
low complexity
churchcrm CWE-89
7.2
2022-06-08 CVE-2022-31325 SQL Injection vulnerability in Churchcrm 4.4.5
There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/WhyCameEditor.php.
network
low complexity
churchcrm CWE-89
7.2