6 matches found
ChurchCRM 4.4.5 SQL Injection
Title: ChurchCRM 4.4.5 SQLi session hijacking L2 Author: nu11secur1ty Date: 05.11.2022 Vendor: https://churchcrm.io/ Software: https://github.com/ChurchCRM/CRM Reference: https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-31325 Description: There is a SQL Injection PWN cookie...
ChurchCRM 4.4.5 - SQLi
Exploit Title: ChurchCRM 4.4.5 - SQLi Exploit Author: nu11secur1ty Date: 05.11.2022 Vendor: https://churchcrm.io/ Software: https://github.com/ChurchCRM/CRM Reference: https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-31325 Description: There is a SQL Injection vulnerability in...
ChurchCRM 4.4.5 SQL injection session hijacking Vulnerability
Title: ChurchCRM 4.4.5 SQLi session hijacking L2 Author: nu11secur1ty Date: 05.11.2022 Vendor: https://churchcrm.io/ Software: https://github.com/ChurchCRM/CRM Reference: https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-31325 Description: There is a SQL Injection hijacking sessio...
CVE-2022-31325
creationtimestamp| type| source ---|---|--- 2022-06-08 20:32:23+00:00| seen| https://t.me/cibsecurity/44044...
CVE-2022-31325
There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/WhyCameEditor.php...
CVE-2022-31325
CVE-2022-31325 affects ChurchCRM 4.4.5, with a SQL Injection in the WhyCameEditor.php endpoint via the PersonID parameter. Multiple sources describe unauthenticated or authenticated-exposed risks and show typical payloads, indicating potential data disclosure. Several connected items emphasize th...