CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38766
https://notcve.org/view.php?id=CVE-2023-38766
08 Aug 2023 — Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the PersonView.php component. • https://churchcrm.io • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38768
https://notcve.org/view.php?id=CVE-2023-38768
08 Aug 2023 — SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the PropertyID parameter within the /QueryView.php. Una vulnerabilidad de inyección SQL en ChurchCRM v5.0.0 permite a un atacante remoto obtener información sensible a través del parámetro "PropertyID" dentro de "/QueryView.php". • https://churchcrm.io • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38762
https://notcve.org/view.php?id=CVE-2023-38762
08 Aug 2023 — SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php. • https://churchcrm.io • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38767
https://notcve.org/view.php?id=CVE-2023-38767
08 Aug 2023 — SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the 'value' and 'custom' parameters within the /QueryView.php. • https://churchcrm.io • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38771
https://notcve.org/view.php?id=CVE-2023-38771
08 Aug 2023 — SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp parameter within the /QueryView.php. Una vulnerabilidad de inyección SQL en ChurchCRM v5.0.0 permite a un atacante remoto obtener información sensible a través del parámetro "volopp" dentro de "/QueryView.php". • https://churchcrm.io • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38760
https://notcve.org/view.php?id=CVE-2023-38760
08 Aug 2023 — SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component. • https://churchcrm.io • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38769
https://notcve.org/view.php?id=CVE-2023-38769
08 Aug 2023 — SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the searchstring and searchwhat parameters within the /QueryView.php. Una vulnerabilidad de inyección SQL en ChurchCRM v5.0.0 permite a un atacante remoto obtener información sensible a través de los parámetros "searchstring" y "searchwhat" dentro de "/QueryView.php". • https://churchcrm.io • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38764
https://notcve.org/view.php?id=CVE-2023-38764
08 Aug 2023 — SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php. • https://churchcrm.io • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38770
https://notcve.org/view.php?id=CVE-2023-38770
08 Aug 2023 — SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the group parameter within the /QueryView.php. Una vulnerabilidad de inyección SQL en ChurchCRM v5.0.0 permite a un atacante remoto obtener información sensible a través del parámetro "group" dentro de "/QueryView.php". • https://churchcrm.io • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38761
https://notcve.org/view.php?id=CVE-2023-38761
08 Aug 2023 — Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the systemSettings.php component. • https://churchcrm.io • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •