Vulnerabilities > Churchcrm > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-08 | CVE-2023-38771 | SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp parameter within the /QueryView.php. | 7.5 |
| 2023-08-08 | CVE-2023-38773 | SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp1 and volopp2 parameters within the /QueryView.php. | 7.5 |
| 2023-05-04 | CVE-2023-29842 | SQL Injection vulnerability in Churchcrm 4.5.4 ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter. | 8.8 |
| 2023-04-25 | CVE-2023-25348 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Churchcrm 4.5.3 ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. | 7.8 |
| 2023-02-09 | CVE-2023-24684 | SQL Injection vulnerability in Churchcrm ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the EID parameter at GetText.php. | 7.2 |
| 2023-02-09 | CVE-2023-24685 | SQL Injection vulnerability in Churchcrm ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module. | 7.2 |
| 2022-06-08 | CVE-2022-31325 | SQL Injection vulnerability in Churchcrm 4.4.5 There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/WhyCameEditor.php. | 7.2 |