SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the group parameter within the /QueryView.php.
churchcrm churchcrm 5.0.0