
CVE-2022-41406
https://notcve.org/view.php?id=CVE-2022-41406
11 Oct 2022 — An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. • https://github.com/CokuTau-CH/Bug_report/blob/main/vendors/Godfrey%20De%20Blessed/church-management-system/RCE-1.md • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2022-38595
https://notcve.org/view.php?id=CVE-2022-38595
15 Sep 2022 — Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_user.php. • https://github.com/Estbonxby/bug_report/blob/main/vendors/Godfrey%20De%20Blessed/church-management-system/SQLi-2.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2022-38594
https://notcve.org/view.php?id=CVE-2022-38594
15 Sep 2022 — Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_visitor.php. • https://github.com/Estbonxby/bug_report/blob/main/vendors/Godfrey%20De%20Blessed/church-management-system/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2022-38605
https://notcve.org/view.php?id=CVE-2022-38605
12 Sep 2022 — Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_event.php. • https://github.com/sunaono1/bug_report/blob/main/vendors/Godfrey%20De%20Blessed/church-management-system/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2022-2680 – SourceCodester Church Management System login.php sql injection
https://notcve.org/view.php?id=CVE-2022-2680
05 Aug 2022 — A vulnerability classified as critical has been found in SourceCodester Church Management System 1.0. Affected is an unknown function of the file /login.php. The manipulation of the argument username with the input ' OR (SELECT 7064 FROM(SELECT COUNT(*),CONCAT(0x71627a7671,(SELECT (ELT(7064=7064,1))),0x716b707871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- jURL leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be... • https://github.com/anx0ing/CVE_demo/blob/main/2022/Church%20Management%20System-SQL%20injections.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2021-41661
https://notcve.org/view.php?id=CVE-2021-41661
13 Jun 2022 — Church Management System version 1.0 is affected by a SQL injection vulnerability through creating a user with a PHP file as an avatar image, which is accessible through the /uploads directory. This can lead to RCE on the web server by uploading a PHP webshell. • https://github.com/janikwehrli1/0dayHunt/blob/main/Church_Managementv1.0_RCE.py • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2022-1084 – SourceCodester One Church Management System Session userregister.php improper authentication
https://notcve.org/view.php?id=CVE-2022-1084
29 Mar 2022 — A vulnerability classified as critical was found in SourceCodester One Church Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /one_church/userregister.php. The manipulation leads to authentication bypass. The attack can be launched remotely. • https://vuldb.com/?id.195643 • CWE-287: Improper Authentication •

CVE-2022-1080 – SourceCodester One Church Management System attendancy.php sql injection
https://notcve.org/view.php?id=CVE-2022-1080
29 Mar 2022 — A vulnerability was found in SourceCodester One Church Management System 1.0. It has been declared as critical. This vulnerability affects code of the file attendancy.php as the manipulation of the argument search2 leads to sql injection. The attack can be initiated remotely. • https://vuldb.com/?id.195442 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2022-1079 – SourceCodester One Church Management System churchprofile.php cross site scripting
https://notcve.org/view.php?id=CVE-2022-1079
29 Mar 2022 — A vulnerability classified as problematic has been found in SourceCodester One Church Management System. Affected are multiple files and parameters which are prone to cross site scripting. It is possible to launch the attack remotely. • https://vuldb.com/?id.195426 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-41643
https://notcve.org/view.php?id=CVE-2021-41643
29 Oct 2021 — Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via the image upload field. • https://github.com/hax3xploit/CVE-2021-41643 • CWE-434: Unrestricted Upload of File with Dangerous Type •