ChurchCRM is an open source CRM system for churches. ChurchCRM v5.0.0 is affected by a SQL injection vulnerability caused by missing validation of externally supplied input that reaches SQL statements through the group parameter of QueryView.php. An attacker can exploit this vulnerability to execute illegal SQL commands and steal sensitive database data.
CPE | Name | Operator | Version |
---|---|---|---|
 | churchcrm churchcrm v | eq | 5.0.0 |
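
For triage on an affected install, the following added example (not ChurchCRM code and not part of the original advisory) scans web access logs for requests to QueryView.php whose group parameter is not a plain number. It assumes the parameter normally carries a numeric group id and that requests are logged in combined log format with the query string; values sent in a POST body do not appear in such logs and are not covered. The log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /QueryView.php?group=3 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /QueryView.php?group=3%27 HTTP/1.1" 500 128 "-" "Mozilla/5.0"
192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /GroupList.php?group=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.11 - - [01/Jan/2024:10:00:12 +0000] "GET /churchcrm/QueryView.php?group=3&group=x+y HTTP/1.1" 200 64 "-" "Mozilla/5.0"
"""

# client, timestamp, method, request target, status
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
# Assumption: a legitimate group value is a short decimal id.
GROUP_ID_RE = re.compile(r"[0-9]{1,10}")


def suspicious_group_requests(log_text):
    """Return one finding per QueryView.php request with a non-numeric group value."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        client, when, method, target, status = m.groups()
        url = urlsplit(target)
        # Match the script regardless of install prefix or letter case.
        if not url.path.lower().endswith("/queryview.php"):
            continue
        # parse_qs percent-decodes and returns every occurrence of the parameter,
        # so a repeated group= cannot hide behind a clean first value.
        values = parse_qs(url.query, keep_blank_values=True).get("group", [])
        bad = [v for v in values if not GROUP_ID_RE.fullmatch(v)]
        if bad:
            findings.append(
                {"client": client, "time": when, "status": int(status), "values": bad}
            )
    return findings


if __name__ == "__main__":
    for finding in suspicious_group_requests(SAMPLE_LOG):
        print(finding)
```

A hit is a lead for review rather than proof of exploitation; correlate it with the response status and database logs for the same time window.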