A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated malicious user to issue an arbitrary SQL command to the database through the unsanitized EN_tyid, theID and EID fields used when an Edit action on an existing record is being performed.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
churchcrm churchcrm |