ChurchCRM is an open-source CRM system for churches. ChurchCRM version v5.0.0 has a SQL injection vulnerability in /QueryView.php, caused by a lack of validation of externally supplied input in the birthmonth and percls parameters. An attacker can exploit this vulnerability to execute unauthorized SQL commands and steal sensitive database data.
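
The mitigation for this class of flaw, as an added example that is not ChurchCRM's own code (the page does not show /QueryView.php): both parameters are validated as integers and then bound as placeholders instead of being concatenated into the query. The helper names, the table and column names, the assumption that both parameters carry integer values, and the in-memory SQLite database (requires the pdo_sqlite extension) are illustrative assumptions.

```php
<?php
// Added example: hypothetical handler, not ChurchCRM's QueryView.php.
// Table and column names are assumptions for illustration.
// The unsafe pattern this replaces is building the WHERE clause by
// concatenating the raw birthmonth / percls request values into SQL.

// Accept only a plain integer within [min, max]; anything else,
// including text that carries SQL fragments, yields null.
function intParam(array $src, string $key, int $min, int $max): ?int
{
    $v = filter_var($src[$key] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $v === false ? null : $v;
}

function findPeople(PDO $db, array $request): array
{
    $month = intParam($request, 'birthmonth', 1, 12);
    $cls   = intParam($request, 'percls', 1, PHP_INT_MAX);
    if ($month === null || $cls === null) {
        throw new InvalidArgumentException('birthmonth and percls must be integers');
    }
    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $db->prepare(
        'SELECT per_ID, per_LastName FROM person_per
          WHERE per_BirthMonth = :month AND per_cls_ID = :cls'
    );
    $stmt->bindValue(':month', $month, PDO::PARAM_INT);
    $stmt->bindValue(':cls', $cls, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE person_per (per_ID INTEGER, per_LastName TEXT,
                                   per_BirthMonth INTEGER, per_cls_ID INTEGER)');
$db->exec("INSERT INTO person_per VALUES (1,'Adams',6,1),(2,'Baker',6,2),(3,'Clark',7,1)");

// Well-formed request: values are bound as integers.
print_r(findPeople($db, ['birthmonth' => '6', 'percls' => '1']));

try {
    // Constructed non-integer input: rejected before any SQL is prepared.
    findPeople($db, ['birthmonth' => '6x', 'percls' => '1']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```
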
CPE

Name | Operator | Version |
---|---|---|
netgear dgn3500 1. | eq | 1.00.37 |