Lucene search

GoogleOSV:CVE-2023-29842

HistoryMay 04, 2023 - 3:15 a.m.

CVE-2023-29842

2023-05-0403:15:09

Google

osv.dev

churchcrm 4.5.4

blind sql injection

time-based

en_tyid

editeventtypes.php

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.0%

JSON

ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter.

CPENameOperatorVersion
crmeq3.2.0
crmeq4.0.4
crmeq4.0.3
crmeq2.1.4
crmeq2.1.5
crmeq3.2.4
crmeq4.3.0
crmeq3.0.13
crmeq4.3.1
crmeq2.7.4

Name	Operator	Version
crm	eq	3.2.0
crm	eq	4.0.4
crm	eq	4.0.3
crm	eq	2.1.4
crm	eq	2.1.5
crm	eq	3.2.4
crm	eq	4.3.0
crm	eq	3.0.13
crm	eq	4.3.1
crm	eq	2.7.4

Rows per page:

1-10 of 1301

References

packetstormsecurity.com/files/175105/ChurchCRM-4.5.4-SQL-Injection.html

github.com/arvandy/CVE/blob/main/CVE-2023-29842/CVE-2023-29842.md

github.com/arvandy/CVE/blob/main/CVE-2023-29842/CVE-2023-29842.py

github.com/ChurchCRM/CRM

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.0%

JSON

Related for OSV:CVE-2023-29842