Lucene search

K

Churchinfo Security Vulnerabilities

cve
cve

CVE-2021-43258

CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores.....

8.8CVSS

8.8AI Score

0.059EPSS

2022-11-23 07:15 PM
23
2
cve
cve

CVE-2005-2474

ChurchInfo allows remote attackers to execute obtain sensitive information via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, an invalid Number...

7AI Score

0.01EPSS

2005-08-05 04:00 AM
22
cve
cve

CVE-2005-2473

Multiple SQL injection vulnerabilities in ChurchInfo allow remote attackers to execute arbitrary SQL commands via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7)...

8.9AI Score

0.007EPSS

2005-08-05 04:00 AM
25