Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
churchcrm churchcrm 5.0.0 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-38760
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the role and gender parameters within the /QueryView.php component.
Churchcrm Churchcrm 5.0.0
6.1
CVSSv3
CVE-2023-38761
Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to execute arbitrary code via a crafted payload to the systemSettings.php component.
Churchcrm Churchcrm 5.0.0
7.5
CVSSv3
CVE-2023-38762
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the friendmonths parameter within the /QueryView.php.
Churchcrm Churchcrm 5.0.0
6.5
CVSSv3
CVE-2023-38763
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint.
Churchcrm Churchcrm 5.0.0
7.5
CVSSv3
CVE-2023-38764
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php.
Churchcrm Churchcrm 5.0.0
7.5
CVSSv3
CVE-2023-38765
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the membermonth parameter within the /QueryView.php.
Churchcrm Churchcrm 5.0.0
5.4
CVSSv3
CVE-2023-38766
Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to execute arbitrary code via a crafted payload to the PersonView.php component.
Churchcrm Churchcrm 5.0.0
7.5
CVSSv3
CVE-2023-38767
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the 'value' and 'custom' parameters within the /QueryView.php.
Churchcrm Churchcrm 5.0.0
7.5
CVSSv3
CVE-2023-38768
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the PropertyID parameter within the /QueryView.php.
Churchcrm Churchcrm 5.0.0
7.5
CVSSv3
CVE-2023-38769
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the searchstring and searchwhat parameters within the /QueryView.php.
Churchcrm Churchcrm 5.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »