NotCVE - vendor:"Churchcrm" product:"Churchcrm" version:"4.5.4"

2 results (0.004 seconds)

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-31699 – ChurchCRM v4.5.4 - Reflected XSS via Image (Authenticated)

https://notcve.org/view.php?id=CVE-2023-31699

17 May 2023 — ChurchCRM v4.5.4 is vulnerable to Reflected Cross-Site Scripting (XSS) via image file. • https://www.exploit-db.com/exploits/51477 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 4

CVE-2023-29842 – ChurchCRM 4.5.4 SQL Injection

https://notcve.org/view.php?id=CVE-2023-29842

04 May 2023 — ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter. ChurchCRM version 4.5.4 suffers from a remote authenticated blind SQL injection vulnerability. • https://packetstorm.news/files/id/175105 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •