CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2680 – SourceCodester Church Management System login.php sql injection
https://notcve.org/view.php?id=CVE-2022-2680
A vulnerability classified as critical has been found in SourceCodester Church Management System 1.0. Affected is an unknown function of the file /login.php. The manipulation of the argument username with the input ' OR (SELECT 7064 FROM(SELECT COUNT(*),CONCAT(0x71627a7671,(SELECT (ELT(7064=7064,1))),0x716b707871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- jURL leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/anx0ing/CVE_demo/blob/main/2022/Church%20Management%20System-SQL%20injections.md https://vuldb.com/?id.205668 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-41661
https://notcve.org/view.php?id=CVE-2021-41661
Church Management System version 1.0 is affected by a SQL anjection vulnerability through creating a user with a PHP file as an avatar image, which is accessible through the /uploads directory. This can lead to RCE on the web server by uploading a PHP webshell. Church Management System versión 1.0, está afectada por una vulnerabilidad de inyección SQL mediante la creación de un usuario con un archivo PHP como imagen de avatar, que es accesible mediante el directorio /uploads. Esto puede conllevar a una RCE en el servidor web mediante la carga de un webshell PHP • https://github.com/janikwehrli1/0dayHunt/blob/main/Church_Managementv1.0_RCE.py • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1084 – SourceCodester One Church Management System Session userregister.php improper authentication
https://notcve.org/view.php?id=CVE-2022-1084
A vulnerability classified as critical was found in SourceCodester One Church Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /one_church/userregister.php. The manipulation leads to authentication bypass. The attack can be launched remotely. Se ha encontrado una vulnerabilidad clasificada como crítica en SourceCodester One Church Management System versión 1.0. • https://vuldb.com/?id.195643 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1080 – SourceCodester One Church Management System attendancy.php sql injection
https://notcve.org/view.php?id=CVE-2022-1080
A vulnerability was found in SourceCodester One Church Management System 1.0. It has been declared as critical. This vulnerability affects code of the file attendancy.php as the manipulation of the argument search2 leads to sql injection. The attack can be initiated remotely. Se ha encontrado una vulnerabilidad en SourceCodester One Church Management System 1.0. • https://vuldb.com/?id.195442 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1079 – SourceCodester One Church Management System churchprofile.php cross site scripting
https://notcve.org/view.php?id=CVE-2022-1079
A vulnerability classified as problematic has been found in SourceCodester One Church Management System. Affected are multiple files and parameters which are prone to to cross site scripting. It is possible to launch the attack remotely. Se ha encontrado una vulnerabilidad clasificada como problemática en SourceCodester One Church Management System. Están afectados múltiples archivos y parámetros que son propensos a una vulnerabilidad de tipo cross site scripting. • https://vuldb.com/?id.195426 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •