High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-08-08	CVE-2023-38767	SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the 'value' and 'custom' parameters within the /QueryView.php. network low complexity churchcrm CWE-89	7.5
2023-08-08	CVE-2023-38768	SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the PropertyID parameter within the /QueryView.php. network low complexity churchcrm CWE-89	7.5
2023-08-08	CVE-2023-38769	SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the searchstring and searchwhat parameters within the /QueryView.php. network low complexity churchcrm CWE-89	7.5
2023-08-08	CVE-2023-38770	SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the group parameter within the /QueryView.php. network low complexity churchcrm CWE-89	7.5
2023-08-08	CVE-2023-38771	SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp parameter within the /QueryView.php. network low complexity churchcrm CWE-89	7.5
2023-08-08	CVE-2023-38773	SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp1 and volopp2 parameters within the /QueryView.php. network low complexity churchcrm CWE-89	7.5
2023-05-04	CVE-2023-29842	SQL Injection vulnerability in Churchcrm 4.5.4 ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter. network low complexity churchcrm CWE-89	8.8
2023-04-25	CVE-2023-25348	Improper Neutralization of Formula Elements in a CSV File vulnerability in Churchcrm 4.5.3 ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. local low complexity churchcrm CWE-1236	7.8
2023-04-04	CVE-2023-26855	Use of Insufficiently Random Values vulnerability in Churchcrm 4.5.3 The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords. network low complexity churchcrm CWE-330	7.5
2023-02-09	CVE-2023-24684	SQL Injection vulnerability in Churchcrm ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the EID parameter at GetText.php. network low complexity churchcrm CWE-89	7.2