Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
churchcrm vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-27059
A cross-site scripting (XSS) vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field.
Churchcrm Churchcrm 4.5.3
7.2
CVSSv3
CVE-2022-31325
There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/WhyCameEditor.php.
Churchcrm Churchcrm 4.4.5
5.4
CVSSv3
CVE-2023-26842
A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote malicious users to inject arbitrary web script or HTML via the OptionManager.php.
Churchcrm Churchcrm 4.5.3
5.4
CVSSv3
CVE-2023-26843
A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote malicious users to inject arbitrary web script or HTML via the NoteEditor.php.
Churchcrm Churchcrm 4.5.3
7.5
CVSSv3
CVE-2023-38765
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the membermonth parameter within the /QueryView.php.
Churchcrm Churchcrm 5.0.0
5.4
CVSSv3
CVE-2023-38766
Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to execute arbitrary code via a crafted payload to the PersonView.php component.
Churchcrm Churchcrm 5.0.0
7.5
CVSSv3
CVE-2023-38767
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the 'value' and 'custom' parameters within the /QueryView.php.
Churchcrm Churchcrm 5.0.0
7.5
CVSSv3
CVE-2023-38768
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the PropertyID parameter within the /QueryView.php.
Churchcrm Churchcrm 5.0.0
7.5
CVSSv3
CVE-2023-38769
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the searchstring and searchwhat parameters within the /QueryView.php.
Churchcrm Churchcrm 5.0.0
7.5
CVSSv3
CVE-2023-38770
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the group parameter within the /QueryView.php.
Churchcrm Churchcrm 5.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5274
CVE-2024-35388
CVE-2024-35396
elevation of privilege
CVE-2021-47544
file upload
CVE-2021-47545
memory leak
CVE-2024-4956
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »