CVE-2023-38763
https://notcve.org/view.php?id=CVE-2023-38763
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint. • https://churchcrm.io https://demo.churchcrm.io/master https://github.com/0x72303074/CVE-Disclosures https://github.com/ChurchCRM/CRM/wiki • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-38760
https://notcve.org/view.php?id=CVE-2023-38760
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component. • https://churchcrm.io https://demo.churchcrm.io/master https://github.com/0x72303074/CVE-Disclosures https://github.com/ChurchCRM/CRM/wiki • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-38761
https://notcve.org/view.php?id=CVE-2023-38761
Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the systemSettings.php component. • https://churchcrm.io https://demo.churchcrm.io/master https://github.com/0x72303074/CVE-Disclosures https://github.com/ChurchCRM/CRM/wiki • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-38762
https://notcve.org/view.php?id=CVE-2023-38762
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php. • https://churchcrm.io https://demo.churchcrm.io/master https://github.com/0x72303074/CVE-Disclosures https://github.com/ChurchCRM/CRM/wiki • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-38764
https://notcve.org/view.php?id=CVE-2023-38764
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php. • https://churchcrm.io https://demo.churchcrm.io/master https://github.com/0x72303074/CVE-Disclosures https://github.com/ChurchCRM/CRM/wiki • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •