Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
churchcrm churchcrm vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2022-36136
ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow malicious users to store XSS via location input Deposit Comment.
Churchcrm Churchcrm 4.4.5
4.8
CVSSv3
CVE-2022-36137
ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow malicious users to store XSS via location input sHeader.
Churchcrm Churchcrm 4.4.5
7.5
CVSSv3
CVE-2023-38760
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the role and gender parameters within the /QueryView.php component.
Churchcrm Churchcrm 5.0.0
6.1
CVSSv3
CVE-2023-38761
Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to execute arbitrary code via a crafted payload to the systemSettings.php component.
Churchcrm Churchcrm 5.0.0
7.5
CVSSv3
CVE-2023-38762
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the friendmonths parameter within the /QueryView.php.
Churchcrm Churchcrm 5.0.0
6.5
CVSSv3
CVE-2023-38763
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint.
Churchcrm Churchcrm 5.0.0
7.5
CVSSv3
CVE-2023-38764
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php.
Churchcrm Churchcrm 5.0.0
7.5
CVSSv3
CVE-2023-38765
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the membermonth parameter within the /QueryView.php.
Churchcrm Churchcrm 5.0.0
4.3
CVSSv3
CVE-2023-26839
A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows malicious users to edit information for existing people on the site.
Churchcrm Churchcrm 4.5.3
5.3
CVSSv3
CVE-2023-26840
A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows malicious users to set a person to a user and set that user to be an Administrator.
Churchcrm Churchcrm 4.5.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »