Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
churchcrm churchcrm vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-38770
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the group parameter within the /QueryView.php.
Churchcrm Churchcrm 5.0.0
7.5
CVSSv3
CVE-2023-38771
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the volopp parameter within the /QueryView.php.
Churchcrm Churchcrm 5.0.0
7.5
CVSSv3
CVE-2023-38773
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the volopp1 and volopp2 parameters within the /QueryView.php.
Churchcrm Churchcrm 5.0.0
4.8
CVSSv3
CVE-2023-31699
ChurchCRM v4.5.4 is vulnerable to Reflected Cross-Site Scripting (XSS) via image file.
Churchcrm Churchcrm 4.5.4
5.4
CVSSv3
CVE-2023-31548
A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload.
Churchcrm Churchcrm 4.5.3
5.4
CVSSv3
CVE-2023-25347
A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3, allows remote malicious users to inject arbitrary web script or HTML via input fields. These input fields are located in the "Title" Input Field in EventEditor.php.
Churchcrm Churchcrm 4.5.3
8.8
CVSSv3
CVE-2023-29842
ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter.
Churchcrm Churchcrm 4.5.4
6.1
CVSSv3
CVE-2023-33661
Multiple cross-site scripting (XSS) vulnerabilities were discovered in Church CRM v4.5.3 in GroupReports.php via GroupRole, ReportModel, and OnlyCart parameters.
Churchcrm Churchcrm 4.5.3
7.2
CVSSv3
CVE-2022-31325
There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/WhyCameEditor.php.
Churchcrm Churchcrm 4.4.5
8.8
CVSSv3
CVE-2020-28848
CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote malicious users to execute arbitrary code via crafted CSV file.
Churchcrm Churchcrm 4.2.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »