3 matches found
CVE-2021-41965
A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated attacker to issue an arbitrary SQL command to the database through the unsanitized ENtyid, theID and EID fields used when an Edit action on an existing record is being performed...
CVE-2021-41965
A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated attacker to issue an arbitrary SQL command to the database through the unsanitized ENtyid, theID and EID fields used when an Edit action on an existing record is being performed...
CVE-2021-41965
CVE-2021-41965 concerns ChurchCRM versions 2.0.0 through 4.4.5 where an authenticated user can trigger a SQL injection via unsanitized fields (EN_tyid, theID, and EID) during an Edit action on an existing record. The injected SQL commands appear to be executed against the database, with the vulne...