CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

A CSV injection vulnerability in ChurchCRM version 4.2.0 allows remote attackers to execute arbitrary code via a crafted CSV file. • https://github.com/ChurchCRM/CRM/issues/5465 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

A cross-site scripting (XSS) vulnerability in ChurchCRM version 4.2.1 allows remote attackers to execute arbitrary code and gain sensitive information via a crafted payload in the Add New Deposit field in the View All Deposit module. • https://github.com/ChurchCRM/CRM/issues/5477 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module. ChurchCRM versions 4.5.3 and below suffer from a remote SQL injection vulnerability. • http://churchcrm.io • http://packetstormsecurity.com/files/172047/ChurchCRM-4.5.3-SQL-Injection.html • https://github.com/ChurchCRM/CRM • https://github.com/blakduk/Advisories/blob/main/ChurchCRM/README.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the EID parameter at GetText.php. • http://churchcrm.io • https://github.com/ChurchCRM/CRM • https://github.com/blakduk/Advisories/blob/main/ChurchCRM/README.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

ChurchCRM 4.5.3 and below was discovered to contain a stored cross-site scripting (XSS) vulnerability at /api/public/register/family. • http://churchcrm.io • https://github.com/blakduk/Advisories/blob/main/ChurchCRM/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')