Page 2 of 38 results (0.001 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the membermonth parameter within the /QueryView.php. • https://churchcrm.io https://demo.churchcrm.io/master https://github.com/0x72303074/CVE-Disclosures https://github.com/ChurchCRM/CRM/wiki • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the systemSettings.php component. • https://churchcrm.io https://demo.churchcrm.io/master https://github.com/0x72303074/CVE-Disclosures https://github.com/ChurchCRM/CRM/wiki • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the PersonView.php component. • https://churchcrm.io https://demo.churchcrm.io/master https://github.com/0x72303074/CVE-Disclosures https://github.com/ChurchCRM/CRM/wiki • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint. • https://churchcrm.io https://demo.churchcrm.io/master https://github.com/0x72303074/CVE-Disclosures https://github.com/ChurchCRM/CRM/wiki • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp parameter within the /QueryView.php. Una vulnerabilidad de inyección SQL en ChurchCRM v5.0.0 permite a un atacante remoto obtener información sensible a través del parámetro "volopp" dentro de "/QueryView.php". • https://churchcrm.io https://demo.churchcrm.io/master https://github.com/0x72303074/CVE-Disclosures https://github.com/ChurchCRM/CRM/wiki • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •