CVE-2023-24685

🗓️ 09 Feb 2023 00:00:00Reported by mitreType

cve

cve🔗 web.nvd.nist.gov👁 54 Views🌐 WEB

ChurchCRM v4.5.3 SQL injection vulnerabilit

Reporter	Title	Published	Views	Family All 10
ATTACKERKB	CVE-2023-24787	23 Mar 202322:15	–	attackerkb
CNNVD	ChurchCRM SQL注入漏洞	9 Feb 202300:00	–	cnnvd
Cvelist	CVE-2023-24685	9 Feb 202300:00	–	cvelist
Exploit DB	ChurchCRM v4.5.3 - Authenticated SQL Injection	27 Apr 202300:00	–	exploitdb
EUVD	EUVD-2023-28695	3 Oct 202520:07	–	euvd
NVD	CVE-2023-24685	9 Feb 202322:15	–	nvd
Packet Storm	ChurchCRM 4.5.3 SQL Injection	27 Apr 202300:00	–	packetstorm
Prion	Sql injection	9 Feb 202322:15	–	prion
RedhatCVE	CVE-2023-24685	23 May 202503:22	–	redhatcve
Vulnrichment	CVE-2023-24685	9 Feb 202300:00	–	vulnrichment

NVD

Node

churchcrm churchcrmRange≤4.5.3

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/172047/ChurchCRM-4.5.3-SQL-Injection.html
github	www.github.com/ChurchCRM/CRM/
churchcrm	www.churchcrm.io/
github	www.github.com/blakduk/Advisories/blob/main/ChurchCRM/README.md
github	www.github.com/ChurchCRM/CRM/issues/6441

Parameter	Position	Path	Description	CWE
Event	query param	EventAttendance.php?Action=List&Event=2+UNION+ALL+SELECT+1,NULL,CONCAT(%27Perseverance%27,usr_Username,%27:%27,usr_Password),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL+from+user_usr--+-&Type=Sunday%20School	SQL injection via Event parameter in Event Attendance reports module (CVE-2023-24685)	CWE-89

24 Mar 2025 19:15Current

7.2High risk

Vulners AI Score7.2

CVSS 3.17.2

EPSS0.00439

SSVC

churchcrm v4.5.3 sql injection vulnerability event attendance reports nvd cve-2023-24685