Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
churchcrm vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-28848
CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote malicious users to execute arbitrary code via crafted CSV file.
Churchcrm Churchcrm 4.2.0
8.8
CVSSv3
CVE-2023-29842
ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter.
Churchcrm Churchcrm 4.5.4
8.8
CVSSv3
CVE-2021-41965
A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated malicious user to issue an arbitrary SQL command to the database through the unsanitized EN_tyid, theID and EID fields used when an Edit action on an existing record is being per...
Churchcrm Churchcrm
7.8
CVSSv3
CVE-2023-25348
ChurchCRM 4.5.3 exists to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow malicious users to execute arbitrary code via a crafted excel file.
Churchcrm Churchcrm 4.5.3
7.5
CVSSv3
CVE-2023-38760
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the role and gender parameters within the /QueryView.php component.
Churchcrm Churchcrm 5.0.0
7.5
CVSSv3
CVE-2023-38762
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the friendmonths parameter within the /QueryView.php.
Churchcrm Churchcrm 5.0.0
7.5
CVSSv3
CVE-2023-38764
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php.
Churchcrm Churchcrm 5.0.0
7.5
CVSSv3
CVE-2023-38765
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the membermonth parameter within the /QueryView.php.
Churchcrm Churchcrm 5.0.0
7.5
CVSSv3
CVE-2023-38767
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the 'value' and 'custom' parameters within the /QueryView.php.
Churchcrm Churchcrm 5.0.0
7.5
CVSSv3
CVE-2023-38768
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the PropertyID parameter within the /QueryView.php.
Churchcrm Churchcrm 5.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »