14 matches found
EUVD-2023-42537
Malicious code in bioql PyPI...
EUVD-2023-42546
Malicious code in bioql PyPI...
EUVD-2023-30632
Malicious code in bioql PyPI...
CVE-2023-38765
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the membermonth parameter within the /QueryView.php...
CVE-2022-31325
There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/WhyCameEditor.php...
CVE-2020-28848
CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file...
ChurchCRM 代码问题漏洞
ChurchCRM is an open source CRM system built for churches by ChurchCRM Open Source. A security vulnerability exists in ChurchCRM version 5.16.0 that stems from a server-side request forgery in the Referer Handler component...
CVE-2020-28848
CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file...
ChurchCRM SQL注入漏洞
ChurchCRM is an open source CRM system for churches. ChurchCRM version v5.0.0 suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the friendmonths parameter in QueryView.php. An attacker can exploit this vulnerability to execute...
CVE-2023-24685
ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module...
Cross site scripting
ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input Deposit Comment...
CVE-2022-36137
ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input sHeader...
CVE-2022-36136
ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input Deposit Comment...
CVE-2022-36137
ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input sHeader...