28 matches found
CVE-2024-25897
CVE-2024-25897 affects ChurchCRM 5.5.0, specifically the FRCatalog.php endpoint where a time-based blind SQL injection is exploitable via the CurrentFundraiser GET parameter. Attack surface: web/API call to FRCatalog.php with CurrentFundraiser values can yield high-impact exposure (as reflected i...
CVE-2024-25893
ChurchCRM 5.5.0 FRCertificates.php is vulnerable to Blind SQL Injection Time-based via the CurrentFundraiser GET parameter...
ChurchCRM 安全漏洞
ChurchCRM is an open source CRM system for churches. A security vulnerability exists in ChurchCRM version 5.5.0 that stems from a time-based SQL blind injection vulnerability in the CurrentFundraiser GET parameter of the FRCatalog.php page. No details of the vulnerability are provided at this tim...
CVE-2024-25891
ChurchCRM 5.5.0 FRBidSheets.php is vulnerable to Blind SQL Injection Time-based via the CurrentFundraiser GET parameter...
CVE-2024-25893
ChurchCRM 5.5.0 FRCertificates.php is vulnerable to Blind SQL Injection Time-based via the CurrentFundraiser GET parameter...
PT-2024-21190 · Churchcrm · Churchcrm
Name of the Vulnerable Software and Affected Versions: ChurchCRM version 5.5.0 Description: The issue concerns a Blind SQL Injection vulnerability, specifically time-based, in the FRCatalog.php file. This vulnerability can be exploited via the CurrentFundraiser GET parameter in the API endpoint...
CVE-2024-25891
ChurchCRM 5.5.0 FRBidSheets.php is vulnerable to Blind SQL Injection Time-based via the CurrentFundraiser GET parameter...
CVE-2024-25893
ChurchCRM 5.5.0 FRCertificates.php is vulnerable to Blind SQL Injection Time-based via the CurrentFundraiser GET parameter...