Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
churchcrm churchcrm vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-24685
ChurchCRM v4.5.3 and below exists to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module.
Churchcrm Churchcrm
NA
CVE-2023-24684
ChurchCRM v4.5.3 and below exists to contain a SQL injection vulnerability via the EID parameter at GetText.php.
Churchcrm Churchcrm
6.5
CVSSv2
CVE-2021-41965
A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated malicious user to issue an arbitrary SQL command to the database through the unsanitized EN_tyid, theID and EID fields used when an Edit action on an existing record is being per...
Churchcrm Churchcrm
NA
CVE-2020-28849
Cross Site Scripting (XSS) vulnerability in ChurchCRM version 4.2.1, allows remote attckers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View All Deposit module.
Churchcrm Churchcrm
NA
CVE-2023-24686
An issue in the CSV Import function of ChurchCRM v4.5.3 and below allows malicious users to execute arbitrary code via importing a crafted CSV file.
Churchcrm Churchcrm
NA
CVE-2023-24690
ChurchCRM 4.5.3 and below exists to contain a stored cross-site scripting (XSS) vulnerability at /api/public/register/family.
Churchcrm Churchcrm
NA
CVE-2023-31548
A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload.
Churchcrm Churchcrm 4.5.3
NA
CVE-2023-26841
A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows malicious users to change any user's password except for the user that is currently logged in.
Churchcrm Churchcrm 4.5.3
NA
CVE-2023-26842
A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote malicious users to inject arbitrary web script or HTML via the OptionManager.php.
Churchcrm Churchcrm 4.5.3
NA
CVE-2023-26855
The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows malicious users to use precomputed hash tables or dictionary attacks to crack the hashed passwords.
Churchcrm Churchcrm 4.5.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »