Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
churchcrm vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2022-36137
ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow malicious users to store XSS via location input sHeader.
Churchcrm Churchcrm 4.4.5
7.5
CVSSv3
CVE-2023-38760
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the role and gender parameters within the /QueryView.php component.
Churchcrm Churchcrm 5.0.0
6.1
CVSSv3
CVE-2023-38761
Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to execute arbitrary code via a crafted payload to the systemSettings.php component.
Churchcrm Churchcrm 5.0.0
7.5
CVSSv3
CVE-2023-38762
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the friendmonths parameter within the /QueryView.php.
Churchcrm Churchcrm 5.0.0
7.5
CVSSv3
CVE-2023-38764
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php.
Churchcrm Churchcrm 5.0.0
7.5
CVSSv3
CVE-2023-38765
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the membermonth parameter within the /QueryView.php.
Churchcrm Churchcrm 5.0.0
5.4
CVSSv3
CVE-2023-38766
Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to execute arbitrary code via a crafted payload to the PersonView.php component.
Churchcrm Churchcrm 5.0.0
7.5
CVSSv3
CVE-2023-38767
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the 'value' and 'custom' parameters within the /QueryView.php.
Churchcrm Churchcrm 5.0.0
7.5
CVSSv3
CVE-2023-38768
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the PropertyID parameter within the /QueryView.php.
Churchcrm Churchcrm 5.0.0
7.5
CVSSv3
CVE-2023-38769
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the searchstring and searchwhat parameters within the /QueryView.php.
Churchcrm Churchcrm 5.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »