PT-2024-21184 · Churchcrm · Churchcrm

Name of the Vulnerable Software and Affected Versions: ChurchCRM version 5.5.0 Description: The issue concerns a Blind SQL Injection vulnerability, specifically time-based, that can be exploited via the CurrentFundraiser GET parameter in the FRBidSheets.php file. Recommendations: For ChurchCRM...

CVE-2024-25891

ChurchCRM 5.5.0 FRBidSheets.php is vulnerable to Blind SQL Injection Time-based via the CurrentFundraiser GET parameter...

CVE-2024-25892

ChurchCRM 5.5.0 is affected by a Blind SQL Injection (time-based) in ConfirmReport.php, exploitable via the familyId GET parameter. The CVE indicates a high-severity issue with impact on confidentiality, integrity, and availability, and a network attack vector with no user interaction required. R...

CVE-2024-25891

ChurchCRM 5.5.0 is vulnerable in FRBidSheets.php to a time-based blind SQL injection via the CurrentFundraiser GET parameter. Affected component: FRBidSheets.php; vulnerability type: blind SQLi (time-based) with potential disclosure of database information. CVSS metrics indicate NETWORK access, h...

CVE-2024-25893

ChurchCRM 5.5.0 FRCertificates.php is vulnerable to Blind SQL Injection Time-based via the CurrentFundraiser GET parameter...

CVE-2024-25896

Summary: CVE-2024-25896 affects ChurchCRM 5.5.0, specifically the EventEditor.php page, where a time-based blind SQL injection can be triggered via the EID POST parameter. This is confirmed by multiple connected sources. The vulnerability is described as a time-based blind SQL injection affecting...

CVE-2024-25896

ChurchCRM 5.5.0 EventEditor.php is vulnerable to Blind SQL Injection Time-based via the EID POST parameter...

CVE-2024-25893

ChurchCRM 5.5.0 FRCertificates.php is vulnerable to Blind SQL Injection Time-based via the CurrentFundraiser GET parameter...

CVE-2024-25897

CVE-2024-25897 affects ChurchCRM 5.5.0, specifically the FRCatalog.php endpoint where a time-based blind SQL injection is exploitable via the CurrentFundraiser GET parameter. Attack surface: web/API call to FRCatalog.php with CurrentFundraiser values can yield high-impact exposure (as reflected i...

CVE-2024-25894

CVE-2024-25894 affects ChurchCRM 5.5.0, specifically EventEditor.php, where a time-based blind SQL injection via the EventCount POST parameter is reported. Affected item: ChurchCRM 5.5.0 /EventEditor.php; vulnerability class: Blind SQL Injection (Time-based). Underlying cause and impact are state...

CVE-2024-25892

ChurchCRM 5.5.0 ConfirmReport.php is vulnerable to Blind SQL Injection Time-based via the familyId GET parameter...

CVE-2024-25894

ChurchCRM 5.5.0 /EventEditor.php is vulnerable to Blind SQL Injection Time-based via the EventCount POST parameter...

JFrog Artifactory < 7.25.4 - Blind SQL Injection Exploit

Exploit Title: artifactory low-privileged blind sql injection Exploit Author: ardr Vendor Homepage:https://jfrog.com/help/r/jfrog-release-information/cve-2021-3860-artifactory-low-privileged-blind-sql-injection Software Link:...

JFrog Artifactory &lt; 7.25.4 - Blind SQL Injection

Exploit Title: artifactory low-privileged blind sql injection Google Dork: Date: Exploit Author: ardr Vendor Homepage:https://jfrog.com/help/r/jfrog-release-information/cve-2021-3860-artifactory-low-privileged-blind-sql-injection Software Link:...

JFrog Artifactory SQL Injection

Exploit Title: artifactory low-privileged blind sql injection Google Dork: Date: Exploit Author: ardr Vendor Homepage:https://jfrog.com/help/r/jfrog-release-information/cve-2021-3860-artifactory-low-privileged-blind-sql-injection Software Link:...

Sql injection

Blind SQL Injection vulnerability in CU Solutions Group CUSG Content Management System CMS before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the pages.php component...

Amazon Linux AMI : cacti (ALAS-2024-1915)

The version of cacti installed on the remote host is prior to 1.1.19-6.24. It is, therefore, affected by a vulnerability as referenced in the ALAS-2024-1915 advisory. Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection SQLi vulnerabili...

Important: cacti

Issue Overview: Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection SQLi vulnerability within the SNMP Notification Receivers feature in the file 'managers.php'. An authenticated attacker with the "Settings/Utilities" permission can se...

CVE-2023-50030

In the module "Jms Setting" jmssetting from Joommasters for PrestaShop, a guest can perform SQL injection in versions = 1.1.0. The method JmsSetting::getSecondImgs has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a blind SQL injection...

CVE-2023-50030

In the module "Jms Setting" jmssetting from Joommasters for PrestaShop, a guest can perform SQL injection in versions = 1.1.0. The method JmsSetting::getSecondImgs has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a blind SQL injection...