Vulnerabilities > Churchcrm > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-09 | CVE-2023-24685 | SQL Injection vulnerability in Churchcrm ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module. | 7.2 |
| 2022-06-08 | CVE-2022-31325 | SQL Injection vulnerability in Churchcrm 4.4.5 There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/WhyCameEditor.php. | 7.2 |
| 2022-05-15 | CVE-2021-41965 | SQL Injection vulnerability in Churchcrm A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated attacker to issue an arbitrary SQL command to the database through the unsanitized EN_tyid, theID and EID fields used when an Edit action on an existing record is being performed. | 8.8 |