Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
churchcrm churchcrm vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2023-24685
ChurchCRM v4.5.3 and below exists to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module.
Churchcrm Churchcrm
7.2
CVSSv3
CVE-2023-24684
ChurchCRM v4.5.3 and below exists to contain a SQL injection vulnerability via the EID parameter at GetText.php.
Churchcrm Churchcrm
8.8
CVSSv3
CVE-2021-41965
A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated malicious user to issue an arbitrary SQL command to the database through the unsanitized EN_tyid, theID and EID fields used when an Edit action on an existing record is being per...
Churchcrm Churchcrm
5.4
CVSSv3
CVE-2020-28849
Cross Site Scripting (XSS) vulnerability in ChurchCRM version 4.2.1, allows remote attckers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View All Deposit module.
Churchcrm Churchcrm
4.8
CVSSv3
CVE-2023-24686
An issue in the CSV Import function of ChurchCRM v4.5.3 and below allows malicious users to execute arbitrary code via importing a crafted CSV file.
Churchcrm Churchcrm
5.4
CVSSv3
CVE-2023-24690
ChurchCRM 4.5.3 and below exists to contain a stored cross-site scripting (XSS) vulnerability at /api/public/register/family.
Churchcrm Churchcrm
5.4
CVSSv3
CVE-2023-31548
A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload.
Churchcrm Churchcrm 4.5.3
6.5
CVSSv3
CVE-2023-26841
A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows malicious users to change any user's password except for the user that is currently logged in.
Churchcrm Churchcrm 4.5.3
5.4
CVSSv3
CVE-2023-26842
A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote malicious users to inject arbitrary web script or HTML via the OptionManager.php.
Churchcrm Churchcrm 4.5.3
7.5
CVSSv3
CVE-2023-26855
The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows malicious users to use precomputed hash tables or dictionary attacks to crack the hashed passwords.
Churchcrm Churchcrm 4.5.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »