ChurchCRM is an open source CRM system for churches. ChurchCRM version 4.5.4 is affected by a SQL injection vulnerability: the EN_tyid parameter is not validated against externally supplied SQL statements. An attacker can exploit this vulnerability to execute illegal SQL commands and steal sensitive database data.
CPE | Name | Operator | Version |
---|---|---|---|
churchcrm | churchcrm | eq | 4.5.4 |