Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
churchcrm vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2023-24684
ChurchCRM v4.5.3 and below exists to contain a SQL injection vulnerability via the EID parameter at GetText.php.
Churchcrm Churchcrm
7.2
CVSSv3
CVE-2023-24685
ChurchCRM v4.5.3 and below exists to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module.
Churchcrm Churchcrm
4.8
CVSSv3
CVE-2023-24686
An issue in the CSV Import function of ChurchCRM v4.5.3 and below allows malicious users to execute arbitrary code via importing a crafted CSV file.
Churchcrm Churchcrm
5.4
CVSSv3
CVE-2023-24690
ChurchCRM 4.5.3 and below exists to contain a stored cross-site scripting (XSS) vulnerability at /api/public/register/family.
Churchcrm Churchcrm
5.4
CVSSv3
CVE-2020-28849
Cross Site Scripting (XSS) vulnerability in ChurchCRM version 4.2.1, allows remote attckers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View All Deposit module.
Churchcrm Churchcrm
8.8
CVSSv3
CVE-2021-41965
A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated malicious user to issue an arbitrary SQL command to the database through the unsanitized EN_tyid, theID and EID fields used when an Edit action on an existing record is being per...
Churchcrm Churchcrm
5.3
CVSSv3
CVE-2023-26840
A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows malicious users to set a person to a user and set that user to be an Administrator.
Churchcrm Churchcrm 4.5.3
6.5
CVSSv3
CVE-2023-26841
A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows malicious users to change any user's password except for the user that is currently logged in.
Churchcrm Churchcrm 4.5.3
5.4
CVSSv3
CVE-2023-26842
A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote malicious users to inject arbitrary web script or HTML via the OptionManager.php.
Churchcrm Churchcrm 4.5.3
5.4
CVSSv3
CVE-2023-26843
A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote malicious users to inject arbitrary web script or HTML via the NoteEditor.php.
Churchcrm Churchcrm 4.5.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »