Search...

ChurchInfo MemberRoleChange.php Multiple Variable SQL Injection

2005-08-01T08:17:46

ID OSVDB:18418
Type osvdb
Reporter thegreatone2176(thegreatone2176@yahoo.com)
Modified 2005-08-01T08:17:46

Description

Vulnerability Description

ChurchInfo contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the MemebrRoleChange.php script not properly sanitizing user-supplied input to the 'GroupID' and 'PersonID' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Solution Description

Upgrade to version 1.2.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

References:

JSON Vulners Source

Initial Source

{"type": "osvdb", "published": "2005-08-01T08:17:46", "href": "https://vulners.com/osvdb/OSVDB:18418", "hashmap": [{"key": "affectedSoftware", "hash": "7a96841b56bc701af4bda14f591f6b5f"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "fd47caf54a56634ac70254e1641a1840"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "e49a99f32af12d5bb3bb43ab9082ae16"}, {"key": "href", "hash": "ddaefe860703949d771fc2c84548c085"}, {"key": "modified", "hash": "11a476d7a9ce820cfdb519fa4260b0f4"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "11a476d7a9ce820cfdb519fa4260b0f4"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "827515c025d0dfca3799c3d503e132ef"}, {"key": "title", "hash": "e8917cf6eb4d287981d37e769f41e252"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "viewCount": 0, "history": [], "edition": 1, "objectVersion": "1.2", "reporter": "thegreatone2176(thegreatone2176@yahoo.com)", "title": "ChurchInfo MemberRoleChange.php Multiple Variable SQL Injection", "affectedSoftware": [{"operator": "eq", "version": "1.2.2", "name": "ChurchInfo"}], "enchantments": {"score": {"value": 7.1, "vector": "NONE", "modified": "2017-04-28T13:20:14"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-2473"]}, {"type": "osvdb", "idList": ["OSVDB:18424", "OSVDB:18422", "OSVDB:18420", "OSVDB:18419", "OSVDB:18408", "OSVDB:18411", "OSVDB:18413", "OSVDB:18423", "OSVDB:18421", "OSVDB:18427"]}], "modified": "2017-04-28T13:20:14"}, "vulnersScore": 7.1}, "references": [], "id": "OSVDB:18418", "hash": "a38497190b6f53a4fa70ca6b05a30eaba6f4ffb999820d7376189431f8e1c1d4", "lastseen": "2017-04-28T13:20:14", "cvelist": ["CVE-2005-2473"], "modified": "2005-08-01T08:17:46", "description": "## Vulnerability Description\nChurchInfo contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the MemebrRoleChange.php script not properly sanitizing user-supplied input to the 'GroupID' and 'PersonID' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nUpgrade to version 1.2.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nChurchInfo contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the MemebrRoleChange.php script not properly sanitizing user-supplied input to the 'GroupID' and 'PersonID' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://www.churchdb.org/\n[Secunia Advisory ID:16292](https://secuniaresearch.flexerasoftware.com/advisories/16292/)\n[Related OSVDB ID: 18410](https://vulners.com/osvdb/OSVDB:18410)\n[Related OSVDB ID: 18422](https://vulners.com/osvdb/OSVDB:18422)\n[Related OSVDB ID: 18424](https://vulners.com/osvdb/OSVDB:18424)\n[Related OSVDB ID: 18408](https://vulners.com/osvdb/OSVDB:18408)\n[Related OSVDB ID: 18409](https://vulners.com/osvdb/OSVDB:18409)\n[Related OSVDB ID: 18412](https://vulners.com/osvdb/OSVDB:18412)\n[Related OSVDB ID: 18414](https://vulners.com/osvdb/OSVDB:18414)\n[Related OSVDB ID: 18417](https://vulners.com/osvdb/OSVDB:18417)\n[Related OSVDB ID: 18419](https://vulners.com/osvdb/OSVDB:18419)\n[Related OSVDB ID: 18421](https://vulners.com/osvdb/OSVDB:18421)\n[Related OSVDB ID: 18425](https://vulners.com/osvdb/OSVDB:18425)\n[Related OSVDB ID: 18428](https://vulners.com/osvdb/OSVDB:18428)\n[Related OSVDB ID: 18429](https://vulners.com/osvdb/OSVDB:18429)\n[Related OSVDB ID: 18411](https://vulners.com/osvdb/OSVDB:18411)\n[Related OSVDB ID: 18413](https://vulners.com/osvdb/OSVDB:18413)\n[Related OSVDB ID: 18420](https://vulners.com/osvdb/OSVDB:18420)\n[Related OSVDB ID: 18423](https://vulners.com/osvdb/OSVDB:18423)\n[Related OSVDB ID: 18415](https://vulners.com/osvdb/OSVDB:18415)\n[Related OSVDB ID: 18416](https://vulners.com/osvdb/OSVDB:18416)\n[Related OSVDB ID: 18426](https://vulners.com/osvdb/OSVDB:18426)\n[Related OSVDB ID: 18427](https://vulners.com/osvdb/OSVDB:18427)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0007.html\n[CVE-2005-2473](https://vulners.com/cve/CVE-2005-2473)\n"}

{"cve": [{"lastseen": "2019-05-29T18:08:14", "bulletinFamily": "NVD", "description": "Multiple SQL injection vulnerabilities in ChurchInfo allow remote attackers to execute arbitrary SQL commands via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, (8) DepositSlipID parameter to DepositSlipEditor.php, (9) QueryID parameter to QueryView.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php.", "modified": "2017-07-11T01:32:00", "id": "CVE-2005-2473", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2473", "published": "2005-08-05T04:00:00", "title": "CVE-2005-2473", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "description": "## Vulnerability Description\nChurchInfo contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the PledgeDetails.php script not properly sanitizing user-supplied input to the 'PledgeID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nUpgrade to version 1.2.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nChurchInfo contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the PledgeDetails.php script not properly sanitizing user-supplied input to the 'PledgeID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://www.churchdb.org/\n[Secunia Advisory ID:16292](https://secuniaresearch.flexerasoftware.com/advisories/16292/)\n[Related OSVDB ID: 18410](https://vulners.com/osvdb/OSVDB:18410)\n[Related OSVDB ID: 18422](https://vulners.com/osvdb/OSVDB:18422)\n[Related OSVDB ID: 18424](https://vulners.com/osvdb/OSVDB:18424)\n[Related OSVDB ID: 18408](https://vulners.com/osvdb/OSVDB:18408)\n[Related OSVDB ID: 18409](https://vulners.com/osvdb/OSVDB:18409)\n[Related OSVDB ID: 18412](https://vulners.com/osvdb/OSVDB:18412)\n[Related OSVDB ID: 18414](https://vulners.com/osvdb/OSVDB:18414)\n[Related OSVDB ID: 18417](https://vulners.com/osvdb/OSVDB:18417)\n[Related OSVDB ID: 18418](https://vulners.com/osvdb/OSVDB:18418)\n[Related OSVDB ID: 18419](https://vulners.com/osvdb/OSVDB:18419)\n[Related OSVDB ID: 18425](https://vulners.com/osvdb/OSVDB:18425)\n[Related OSVDB ID: 18428](https://vulners.com/osvdb/OSVDB:18428)\n[Related OSVDB ID: 18429](https://vulners.com/osvdb/OSVDB:18429)\n[Related OSVDB ID: 18411](https://vulners.com/osvdb/OSVDB:18411)\n[Related OSVDB ID: 18413](https://vulners.com/osvdb/OSVDB:18413)\n[Related OSVDB ID: 18420](https://vulners.com/osvdb/OSVDB:18420)\n[Related OSVDB ID: 18423](https://vulners.com/osvdb/OSVDB:18423)\n[Related OSVDB ID: 18415](https://vulners.com/osvdb/OSVDB:18415)\n[Related OSVDB ID: 18416](https://vulners.com/osvdb/OSVDB:18416)\n[Related OSVDB ID: 18426](https://vulners.com/osvdb/OSVDB:18426)\n[Related OSVDB ID: 18427](https://vulners.com/osvdb/OSVDB:18427)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0007.html\n[CVE-2005-2473](https://vulners.com/cve/CVE-2005-2473)\n", "modified": "2005-08-01T08:17:46", "published": "2005-08-01T08:17:46", "href": "https://vulners.com/osvdb/OSVDB:18421", "id": "OSVDB:18421", "type": "osvdb", "title": "ChurchInfo PledgeDetails.php PledgeID Variable SQL Injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "description": "## Vulnerability Description\nChurchInfo contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the PropertyEditor.php script not properly sanitizing user-supplied input to the 'PropertyID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nUpgrade to version 1.2.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nChurchInfo contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the PropertyEditor.php script not properly sanitizing user-supplied input to the 'PropertyID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://www.churchdb.org/\n[Secunia Advisory ID:16292](https://secuniaresearch.flexerasoftware.com/advisories/16292/)\n[Related OSVDB ID: 18410](https://vulners.com/osvdb/OSVDB:18410)\n[Related OSVDB ID: 18422](https://vulners.com/osvdb/OSVDB:18422)\n[Related OSVDB ID: 18424](https://vulners.com/osvdb/OSVDB:18424)\n[Related OSVDB ID: 18408](https://vulners.com/osvdb/OSVDB:18408)\n[Related OSVDB ID: 18409](https://vulners.com/osvdb/OSVDB:18409)\n[Related OSVDB ID: 18412](https://vulners.com/osvdb/OSVDB:18412)\n[Related OSVDB ID: 18414](https://vulners.com/osvdb/OSVDB:18414)\n[Related OSVDB ID: 18417](https://vulners.com/osvdb/OSVDB:18417)\n[Related OSVDB ID: 18418](https://vulners.com/osvdb/OSVDB:18418)\n[Related OSVDB ID: 18419](https://vulners.com/osvdb/OSVDB:18419)\n[Related OSVDB ID: 18421](https://vulners.com/osvdb/OSVDB:18421)\n[Related OSVDB ID: 18425](https://vulners.com/osvdb/OSVDB:18425)\n[Related OSVDB ID: 18428](https://vulners.com/osvdb/OSVDB:18428)\n[Related OSVDB ID: 18429](https://vulners.com/osvdb/OSVDB:18429)\n[Related OSVDB ID: 18411](https://vulners.com/osvdb/OSVDB:18411)\n[Related OSVDB ID: 18413](https://vulners.com/osvdb/OSVDB:18413)\n[Related OSVDB ID: 18420](https://vulners.com/osvdb/OSVDB:18420)\n[Related OSVDB ID: 18415](https://vulners.com/osvdb/OSVDB:18415)\n[Related OSVDB ID: 18416](https://vulners.com/osvdb/OSVDB:18416)\n[Related OSVDB ID: 18426](https://vulners.com/osvdb/OSVDB:18426)\n[Related OSVDB ID: 18427](https://vulners.com/osvdb/OSVDB:18427)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0007.html\n[CVE-2005-2473](https://vulners.com/cve/CVE-2005-2473)\n", "modified": "2005-08-01T08:17:46", "published": "2005-08-01T08:17:46", "href": "https://vulners.com/osvdb/OSVDB:18423", "id": "OSVDB:18423", "type": "osvdb", "title": "ChurchInfo PropertyEditor.php PropertyID Variable SQL Injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "description": "## Vulnerability Description\nChurchInfo contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the GroupDelete.php script not properly sanitizing user-supplied input to the 'GroupID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nUpgrade to version 1.2.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nChurchInfo contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the GroupDelete.php script not properly sanitizing user-supplied input to the 'GroupID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://www.churchdb.org/\n[Secunia Advisory ID:16292](https://secuniaresearch.flexerasoftware.com/advisories/16292/)\n[Related OSVDB ID: 18410](https://vulners.com/osvdb/OSVDB:18410)\n[Related OSVDB ID: 18422](https://vulners.com/osvdb/OSVDB:18422)\n[Related OSVDB ID: 18424](https://vulners.com/osvdb/OSVDB:18424)\n[Related OSVDB ID: 18408](https://vulners.com/osvdb/OSVDB:18408)\n[Related OSVDB ID: 18409](https://vulners.com/osvdb/OSVDB:18409)\n[Related OSVDB ID: 18412](https://vulners.com/osvdb/OSVDB:18412)\n[Related OSVDB ID: 18414](https://vulners.com/osvdb/OSVDB:18414)\n[Related OSVDB ID: 18417](https://vulners.com/osvdb/OSVDB:18417)\n[Related OSVDB ID: 18418](https://vulners.com/osvdb/OSVDB:18418)\n[Related OSVDB ID: 18419](https://vulners.com/osvdb/OSVDB:18419)\n[Related OSVDB ID: 18421](https://vulners.com/osvdb/OSVDB:18421)\n[Related OSVDB ID: 18425](https://vulners.com/osvdb/OSVDB:18425)\n[Related OSVDB ID: 18428](https://vulners.com/osvdb/OSVDB:18428)\n[Related OSVDB ID: 18429](https://vulners.com/osvdb/OSVDB:18429)\n[Related OSVDB ID: 18411](https://vulners.com/osvdb/OSVDB:18411)\n[Related OSVDB ID: 18420](https://vulners.com/osvdb/OSVDB:18420)\n[Related OSVDB ID: 18423](https://vulners.com/osvdb/OSVDB:18423)\n[Related OSVDB ID: 18415](https://vulners.com/osvdb/OSVDB:18415)\n[Related OSVDB ID: 18416](https://vulners.com/osvdb/OSVDB:18416)\n[Related OSVDB ID: 18426](https://vulners.com/osvdb/OSVDB:18426)\n[Related OSVDB ID: 18427](https://vulners.com/osvdb/OSVDB:18427)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0007.html\n[CVE-2005-2473](https://vulners.com/cve/CVE-2005-2473)\n", "modified": "2005-08-01T08:17:46", "published": "2005-08-01T08:17:46", "href": "https://vulners.com/osvdb/OSVDB:18413", "id": "OSVDB:18413", "type": "osvdb", "title": "ChurchInfo GroupDelete.php GroupID Variable SQL Injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "description": "## Vulnerability Description\nChurchInfo contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the Canvas05Editor.php script not properly sanitizing user-supplied input to the 'FamilyID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nUpgrade to version 1.2.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nChurchInfo contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the Canvas05Editor.php script not properly sanitizing user-supplied input to the 'FamilyID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://www.churchdb.org/\n[Secunia Advisory ID:16292](https://secuniaresearch.flexerasoftware.com/advisories/16292/)\n[Related OSVDB ID: 18410](https://vulners.com/osvdb/OSVDB:18410)\n[Related OSVDB ID: 18422](https://vulners.com/osvdb/OSVDB:18422)\n[Related OSVDB ID: 18424](https://vulners.com/osvdb/OSVDB:18424)\n[Related OSVDB ID: 18409](https://vulners.com/osvdb/OSVDB:18409)\n[Related OSVDB ID: 18412](https://vulners.com/osvdb/OSVDB:18412)\n[Related OSVDB ID: 18414](https://vulners.com/osvdb/OSVDB:18414)\n[Related OSVDB ID: 18417](https://vulners.com/osvdb/OSVDB:18417)\n[Related OSVDB ID: 18418](https://vulners.com/osvdb/OSVDB:18418)\n[Related OSVDB ID: 18419](https://vulners.com/osvdb/OSVDB:18419)\n[Related OSVDB ID: 18421](https://vulners.com/osvdb/OSVDB:18421)\n[Related OSVDB ID: 18425](https://vulners.com/osvdb/OSVDB:18425)\n[Related OSVDB ID: 18428](https://vulners.com/osvdb/OSVDB:18428)\n[Related OSVDB ID: 18429](https://vulners.com/osvdb/OSVDB:18429)\n[Related OSVDB ID: 18411](https://vulners.com/osvdb/OSVDB:18411)\n[Related OSVDB ID: 18413](https://vulners.com/osvdb/OSVDB:18413)\n[Related OSVDB ID: 18420](https://vulners.com/osvdb/OSVDB:18420)\n[Related OSVDB ID: 18423](https://vulners.com/osvdb/OSVDB:18423)\n[Related OSVDB ID: 18415](https://vulners.com/osvdb/OSVDB:18415)\n[Related OSVDB ID: 18416](https://vulners.com/osvdb/OSVDB:18416)\n[Related OSVDB ID: 18426](https://vulners.com/osvdb/OSVDB:18426)\n[Related OSVDB ID: 18427](https://vulners.com/osvdb/OSVDB:18427)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0007.html\n[CVE-2005-2473](https://vulners.com/cve/CVE-2005-2473)\n", "modified": "2005-08-01T08:17:46", "published": "2005-08-01T08:17:46", "href": "https://vulners.com/osvdb/OSVDB:18408", "id": "OSVDB:18408", "type": "osvdb", "title": "ChurchInfo Canvas05Editor.php FamilyID Variable SQL Injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "description": "## Vulnerability Description\nChurchInfo contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the PDFLabel.php script not properly sanitizing user-supplied input to the 'PersonID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nChurchInfo contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the PDFLabel.php script not properly sanitizing user-supplied input to the 'PersonID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://www.churchdb.org/\n[Secunia Advisory ID:16292](https://secuniaresearch.flexerasoftware.com/advisories/16292/)\n[Related OSVDB ID: 18410](https://vulners.com/osvdb/OSVDB:18410)\n[Related OSVDB ID: 18422](https://vulners.com/osvdb/OSVDB:18422)\n[Related OSVDB ID: 18424](https://vulners.com/osvdb/OSVDB:18424)\n[Related OSVDB ID: 18408](https://vulners.com/osvdb/OSVDB:18408)\n[Related OSVDB ID: 18409](https://vulners.com/osvdb/OSVDB:18409)\n[Related OSVDB ID: 18412](https://vulners.com/osvdb/OSVDB:18412)\n[Related OSVDB ID: 18414](https://vulners.com/osvdb/OSVDB:18414)\n[Related OSVDB ID: 18417](https://vulners.com/osvdb/OSVDB:18417)\n[Related OSVDB ID: 18418](https://vulners.com/osvdb/OSVDB:18418)\n[Related OSVDB ID: 18421](https://vulners.com/osvdb/OSVDB:18421)\n[Related OSVDB ID: 18425](https://vulners.com/osvdb/OSVDB:18425)\n[Related OSVDB ID: 18428](https://vulners.com/osvdb/OSVDB:18428)\n[Related OSVDB ID: 18429](https://vulners.com/osvdb/OSVDB:18429)\n[Related OSVDB ID: 18411](https://vulners.com/osvdb/OSVDB:18411)\n[Related OSVDB ID: 18413](https://vulners.com/osvdb/OSVDB:18413)\n[Related OSVDB ID: 18420](https://vulners.com/osvdb/OSVDB:18420)\n[Related OSVDB ID: 18423](https://vulners.com/osvdb/OSVDB:18423)\n[Related OSVDB ID: 18415](https://vulners.com/osvdb/OSVDB:18415)\n[Related OSVDB ID: 18416](https://vulners.com/osvdb/OSVDB:18416)\n[Related OSVDB ID: 18426](https://vulners.com/osvdb/OSVDB:18426)\n[Related OSVDB ID: 18427](https://vulners.com/osvdb/OSVDB:18427)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0007.html\n[CVE-2005-2473](https://vulners.com/cve/CVE-2005-2473)\n", "modified": "2005-08-01T08:17:46", "published": "2005-08-01T08:17:46", "href": "https://vulners.com/osvdb/OSVDB:18419", "id": "OSVDB:18419", "type": "osvdb", "title": "ChurchInfo PDFLabel.php PersonID Variable SQL Injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "description": "## Vulnerability Description\nChurchInfo contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the PropertyAssign.php script not properly sanitizing user-supplied input to the 'PersonID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nUpgrade to version 1.2.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nChurchInfo contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the PropertyAssign.php script not properly sanitizing user-supplied input to the 'PersonID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://www.churchdb.org/\n[Secunia Advisory ID:16292](https://secuniaresearch.flexerasoftware.com/advisories/16292/)\n[Related OSVDB ID: 18410](https://vulners.com/osvdb/OSVDB:18410)\n[Related OSVDB ID: 18424](https://vulners.com/osvdb/OSVDB:18424)\n[Related OSVDB ID: 18408](https://vulners.com/osvdb/OSVDB:18408)\n[Related OSVDB ID: 18409](https://vulners.com/osvdb/OSVDB:18409)\n[Related OSVDB ID: 18412](https://vulners.com/osvdb/OSVDB:18412)\n[Related OSVDB ID: 18414](https://vulners.com/osvdb/OSVDB:18414)\n[Related OSVDB ID: 18417](https://vulners.com/osvdb/OSVDB:18417)\n[Related OSVDB ID: 18418](https://vulners.com/osvdb/OSVDB:18418)\n[Related OSVDB ID: 18419](https://vulners.com/osvdb/OSVDB:18419)\n[Related OSVDB ID: 18421](https://vulners.com/osvdb/OSVDB:18421)\n[Related OSVDB ID: 18425](https://vulners.com/osvdb/OSVDB:18425)\n[Related OSVDB ID: 18428](https://vulners.com/osvdb/OSVDB:18428)\n[Related OSVDB ID: 18429](https://vulners.com/osvdb/OSVDB:18429)\n[Related OSVDB ID: 18411](https://vulners.com/osvdb/OSVDB:18411)\n[Related OSVDB ID: 18413](https://vulners.com/osvdb/OSVDB:18413)\n[Related OSVDB ID: 18420](https://vulners.com/osvdb/OSVDB:18420)\n[Related OSVDB ID: 18423](https://vulners.com/osvdb/OSVDB:18423)\n[Related OSVDB ID: 18415](https://vulners.com/osvdb/OSVDB:18415)\n[Related OSVDB ID: 18416](https://vulners.com/osvdb/OSVDB:18416)\n[Related OSVDB ID: 18426](https://vulners.com/osvdb/OSVDB:18426)\n[Related OSVDB ID: 18427](https://vulners.com/osvdb/OSVDB:18427)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0007.html\n[CVE-2005-2473](https://vulners.com/cve/CVE-2005-2473)\n", "modified": "2005-08-01T08:17:46", "published": "2005-08-01T08:17:46", "href": "https://vulners.com/osvdb/OSVDB:18422", "id": "OSVDB:18422", "type": "osvdb", "title": "ChurchInfo PropertyAssign.php PersonID Variable SQL Injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "description": "## Vulnerability Description\nChurchInfo contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the QueryView.php script not properly sanitizing user-supplied input to the 'QueryID' and 'id' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nUpgrade to version 1.2.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nChurchInfo contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the QueryView.php script not properly sanitizing user-supplied input to the 'QueryID' and 'id' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://www.churchdb.org/\n[Secunia Advisory ID:16292](https://secuniaresearch.flexerasoftware.com/advisories/16292/)\n[Related OSVDB ID: 18410](https://vulners.com/osvdb/OSVDB:18410)\n[Related OSVDB ID: 18422](https://vulners.com/osvdb/OSVDB:18422)\n[Related OSVDB ID: 18408](https://vulners.com/osvdb/OSVDB:18408)\n[Related OSVDB ID: 18409](https://vulners.com/osvdb/OSVDB:18409)\n[Related OSVDB ID: 18412](https://vulners.com/osvdb/OSVDB:18412)\n[Related OSVDB ID: 18414](https://vulners.com/osvdb/OSVDB:18414)\n[Related OSVDB ID: 18417](https://vulners.com/osvdb/OSVDB:18417)\n[Related OSVDB ID: 18418](https://vulners.com/osvdb/OSVDB:18418)\n[Related OSVDB ID: 18419](https://vulners.com/osvdb/OSVDB:18419)\n[Related OSVDB ID: 18421](https://vulners.com/osvdb/OSVDB:18421)\n[Related OSVDB ID: 18425](https://vulners.com/osvdb/OSVDB:18425)\n[Related OSVDB ID: 18428](https://vulners.com/osvdb/OSVDB:18428)\n[Related OSVDB ID: 18429](https://vulners.com/osvdb/OSVDB:18429)\n[Related OSVDB ID: 18411](https://vulners.com/osvdb/OSVDB:18411)\n[Related OSVDB ID: 18413](https://vulners.com/osvdb/OSVDB:18413)\n[Related OSVDB ID: 18420](https://vulners.com/osvdb/OSVDB:18420)\n[Related OSVDB ID: 18423](https://vulners.com/osvdb/OSVDB:18423)\n[Related OSVDB ID: 18415](https://vulners.com/osvdb/OSVDB:18415)\n[Related OSVDB ID: 18416](https://vulners.com/osvdb/OSVDB:18416)\n[Related OSVDB ID: 18426](https://vulners.com/osvdb/OSVDB:18426)\n[Related OSVDB ID: 18427](https://vulners.com/osvdb/OSVDB:18427)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0007.html\n[CVE-2005-2473](https://vulners.com/cve/CVE-2005-2473)\n", "modified": "2005-08-01T08:17:46", "published": "2005-08-01T08:17:46", "href": "https://vulners.com/osvdb/OSVDB:18424", "id": "OSVDB:18424", "type": "osvdb", "title": "ChurchInfo QueryView.php Multiple Variable SQL Injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "description": "## Vulnerability Description\nChurchInfo contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the DepositSlipEditor.php script not properly sanitizing user-supplied input to the 'DepositSlipID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nUpgrade to version 1.2.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nChurchInfo contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the DepositSlipEditor.php script not properly sanitizing user-supplied input to the 'DepositSlipID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://www.churchdb.org/\n[Secunia Advisory ID:16292](https://secuniaresearch.flexerasoftware.com/advisories/16292/)\n[Related OSVDB ID: 18410](https://vulners.com/osvdb/OSVDB:18410)\n[Related OSVDB ID: 18422](https://vulners.com/osvdb/OSVDB:18422)\n[Related OSVDB ID: 18424](https://vulners.com/osvdb/OSVDB:18424)\n[Related OSVDB ID: 18408](https://vulners.com/osvdb/OSVDB:18408)\n[Related OSVDB ID: 18409](https://vulners.com/osvdb/OSVDB:18409)\n[Related OSVDB ID: 18412](https://vulners.com/osvdb/OSVDB:18412)\n[Related OSVDB ID: 18414](https://vulners.com/osvdb/OSVDB:18414)\n[Related OSVDB ID: 18417](https://vulners.com/osvdb/OSVDB:18417)\n[Related OSVDB ID: 18418](https://vulners.com/osvdb/OSVDB:18418)\n[Related OSVDB ID: 18419](https://vulners.com/osvdb/OSVDB:18419)\n[Related OSVDB ID: 18421](https://vulners.com/osvdb/OSVDB:18421)\n[Related OSVDB ID: 18425](https://vulners.com/osvdb/OSVDB:18425)\n[Related OSVDB ID: 18428](https://vulners.com/osvdb/OSVDB:18428)\n[Related OSVDB ID: 18429](https://vulners.com/osvdb/OSVDB:18429)\n[Related OSVDB ID: 18413](https://vulners.com/osvdb/OSVDB:18413)\n[Related OSVDB ID: 18420](https://vulners.com/osvdb/OSVDB:18420)\n[Related OSVDB ID: 18423](https://vulners.com/osvdb/OSVDB:18423)\n[Related OSVDB ID: 18415](https://vulners.com/osvdb/OSVDB:18415)\n[Related OSVDB ID: 18416](https://vulners.com/osvdb/OSVDB:18416)\n[Related OSVDB ID: 18426](https://vulners.com/osvdb/OSVDB:18426)\n[Related OSVDB ID: 18427](https://vulners.com/osvdb/OSVDB:18427)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0007.html\n[CVE-2005-2473](https://vulners.com/cve/CVE-2005-2473)\n", "modified": "2005-08-01T08:17:46", "published": "2005-08-01T08:17:46", "href": "https://vulners.com/osvdb/OSVDB:18411", "id": "OSVDB:18411", "type": "osvdb", "title": "ChurchInfo DepositSlipEditor.php DepositSlipID Variable SQL Injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "description": "## Vulnerability Description\nChurchInfo contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the PersonView.php script not properly sanitizing user-supplied input to the 'PersonID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nUpgrade to version 1.2.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nChurchInfo contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the PersonView.php script not properly sanitizing user-supplied input to the 'PersonID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://www.churchdb.org/\n[Secunia Advisory ID:16292](https://secuniaresearch.flexerasoftware.com/advisories/16292/)\n[Related OSVDB ID: 18410](https://vulners.com/osvdb/OSVDB:18410)\n[Related OSVDB ID: 18422](https://vulners.com/osvdb/OSVDB:18422)\n[Related OSVDB ID: 18424](https://vulners.com/osvdb/OSVDB:18424)\n[Related OSVDB ID: 18408](https://vulners.com/osvdb/OSVDB:18408)\n[Related OSVDB ID: 18409](https://vulners.com/osvdb/OSVDB:18409)\n[Related OSVDB ID: 18412](https://vulners.com/osvdb/OSVDB:18412)\n[Related OSVDB ID: 18414](https://vulners.com/osvdb/OSVDB:18414)\n[Related OSVDB ID: 18417](https://vulners.com/osvdb/OSVDB:18417)\n[Related OSVDB ID: 18418](https://vulners.com/osvdb/OSVDB:18418)\n[Related OSVDB ID: 18419](https://vulners.com/osvdb/OSVDB:18419)\n[Related OSVDB ID: 18421](https://vulners.com/osvdb/OSVDB:18421)\n[Related OSVDB ID: 18425](https://vulners.com/osvdb/OSVDB:18425)\n[Related OSVDB ID: 18428](https://vulners.com/osvdb/OSVDB:18428)\n[Related OSVDB ID: 18429](https://vulners.com/osvdb/OSVDB:18429)\n[Related OSVDB ID: 18411](https://vulners.com/osvdb/OSVDB:18411)\n[Related OSVDB ID: 18413](https://vulners.com/osvdb/OSVDB:18413)\n[Related OSVDB ID: 18423](https://vulners.com/osvdb/OSVDB:18423)\n[Related OSVDB ID: 18415](https://vulners.com/osvdb/OSVDB:18415)\n[Related OSVDB ID: 18416](https://vulners.com/osvdb/OSVDB:18416)\n[Related OSVDB ID: 18426](https://vulners.com/osvdb/OSVDB:18426)\n[Related OSVDB ID: 18427](https://vulners.com/osvdb/OSVDB:18427)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0007.html\n[CVE-2005-2473](https://vulners.com/cve/CVE-2005-2473)\n", "modified": "2005-08-01T08:17:46", "published": "2005-08-01T08:17:46", "href": "https://vulners.com/osvdb/OSVDB:18420", "id": "OSVDB:18420", "type": "osvdb", "title": "ChurchInfo PersonView.php PersonID Variable SQL Injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "description": "## Vulnerability Description\nChurchInfo contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the GroupMemberList.php script not properly sanitizing user-supplied input to the 'GroupID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nUpgrade to version 1.2.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nChurchInfo contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the GroupMemberList.php script not properly sanitizing user-supplied input to the 'GroupID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://www.churchdb.org/\n[Secunia Advisory ID:16292](https://secuniaresearch.flexerasoftware.com/advisories/16292/)\n[Related OSVDB ID: 18410](https://vulners.com/osvdb/OSVDB:18410)\n[Related OSVDB ID: 18422](https://vulners.com/osvdb/OSVDB:18422)\n[Related OSVDB ID: 18424](https://vulners.com/osvdb/OSVDB:18424)\n[Related OSVDB ID: 18408](https://vulners.com/osvdb/OSVDB:18408)\n[Related OSVDB ID: 18409](https://vulners.com/osvdb/OSVDB:18409)\n[Related OSVDB ID: 18412](https://vulners.com/osvdb/OSVDB:18412)\n[Related OSVDB ID: 18417](https://vulners.com/osvdb/OSVDB:18417)\n[Related OSVDB ID: 18418](https://vulners.com/osvdb/OSVDB:18418)\n[Related OSVDB ID: 18419](https://vulners.com/osvdb/OSVDB:18419)\n[Related OSVDB ID: 18421](https://vulners.com/osvdb/OSVDB:18421)\n[Related OSVDB ID: 18425](https://vulners.com/osvdb/OSVDB:18425)\n[Related OSVDB ID: 18428](https://vulners.com/osvdb/OSVDB:18428)\n[Related OSVDB ID: 18429](https://vulners.com/osvdb/OSVDB:18429)\n[Related OSVDB ID: 18411](https://vulners.com/osvdb/OSVDB:18411)\n[Related OSVDB ID: 18413](https://vulners.com/osvdb/OSVDB:18413)\n[Related OSVDB ID: 18420](https://vulners.com/osvdb/OSVDB:18420)\n[Related OSVDB ID: 18423](https://vulners.com/osvdb/OSVDB:18423)\n[Related OSVDB ID: 18415](https://vulners.com/osvdb/OSVDB:18415)\n[Related OSVDB ID: 18416](https://vulners.com/osvdb/OSVDB:18416)\n[Related OSVDB ID: 18426](https://vulners.com/osvdb/OSVDB:18426)\n[Related OSVDB ID: 18427](https://vulners.com/osvdb/OSVDB:18427)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0007.html\n[CVE-2005-2473](https://vulners.com/cve/CVE-2005-2473)\n", "modified": "2005-08-01T08:17:46", "published": "2005-08-01T08:17:46", "href": "https://vulners.com/osvdb/OSVDB:18414", "id": "OSVDB:18414", "type": "osvdb", "title": "ChurchInfo GroupMemberList.php GroupID Variable SQL Injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}