AI Score: 9.5 High (Confidence: Low)
CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)
  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL
EPSS: 0.007 Low (Percentile: 79.5%)
Multiple SQL injection vulnerabilities in ChurchInfo allow remote attackers to execute arbitrary SQL commands via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php; (8) the DepositSlipID parameter to DepositSlipEditor.php; (9) the QueryID parameter to QueryView.php; the GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php; (16) the PropertyID parameter to PropertyEditor.php; the FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php; or (20) the PledgeID parameter to PledgeDetails.php.
marc.info/?l=bugtraq&m=112291550713546&w=2
secunia.com/advisories/16292
securitytracker.com/id?1014617
www.osvdb.org/18408
www.osvdb.org/18409
www.osvdb.org/18410
www.osvdb.org/18411
www.osvdb.org/18412
www.osvdb.org/18413
www.osvdb.org/18414
www.osvdb.org/18415
www.osvdb.org/18416
www.osvdb.org/18417
www.osvdb.org/18418
www.osvdb.org/18419
www.osvdb.org/18420
www.osvdb.org/18421
www.osvdb.org/18422
www.osvdb.org/18423
www.osvdb.org/18424
www.osvdb.org/18427
www.osvdb.org/18428
www.securityfocus.com/bid/14438
exchange.xforce.ibmcloud.com/vulnerabilities/21647