Vulnerabilities > Churchcrm > High

DATE CVE VULNERABILITY TITLE RISK
2023-08-08 CVE-2023-38767 SQL Injection vulnerability in Churchcrm 5.0.0
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the 'value' and 'custom' parameters within the /QueryView.php.
network
low complexity
churchcrm CWE-89
7.5
2023-08-08 CVE-2023-38768 SQL Injection vulnerability in Churchcrm 5.0.0
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the PropertyID parameter within the /QueryView.php.
network
low complexity
churchcrm CWE-89
7.5
2023-08-08 CVE-2023-38769 SQL Injection vulnerability in Churchcrm 5.0.0
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the searchstring and searchwhat parameters within the /QueryView.php.
network
low complexity
churchcrm CWE-89
7.5
2023-08-08 CVE-2023-38770 SQL Injection vulnerability in Churchcrm 5.0.0
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the group parameter within the /QueryView.php.
network
low complexity
churchcrm CWE-89
7.5
2023-08-08 CVE-2023-38771 SQL Injection vulnerability in Churchcrm 5.0.0
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp parameter within the /QueryView.php.
network
low complexity
churchcrm CWE-89
7.5
2023-08-08 CVE-2023-38773 SQL Injection vulnerability in Churchcrm 5.0.0
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp1 and volopp2 parameters within the /QueryView.php.
network
low complexity
churchcrm CWE-89
7.5
2023-05-04 CVE-2023-29842 SQL Injection vulnerability in Churchcrm 4.5.4
ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter.
network
low complexity
churchcrm CWE-89
8.8
2023-04-25 CVE-2023-25348 Improper Neutralization of Formula Elements in a CSV File vulnerability in Churchcrm 4.5.3
ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person.
local
low complexity
churchcrm CWE-1236
7.8
2023-04-04 CVE-2023-26855 Use of Insufficiently Random Values vulnerability in Churchcrm 4.5.3
The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords.
network
low complexity
churchcrm CWE-330
7.5
2023-02-09 CVE-2023-24684 SQL Injection vulnerability in Churchcrm
ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the EID parameter at GetText.php.
network
low complexity
churchcrm CWE-89
7.2