5 matches found
EUVD-2023-28788
Malicious code in bioql PyPI...
CVE-2023-24685
ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module...
ChurchCRM v4.5.3 - Authenticated SQL Injection
Exploit Title: ChurchCRM 4.5.3 - Authenticated SQL Injection Date: 27-04-2023 Exploit Author: Iyaad Luqman K Software Link: https://github.com/ChurchCRM/CRM/releases Vendor Homepage: http://churchcrm.io/ Tested Version: 4.5.1 Tested on: Windows, Linux CVE: CVE-2023-24685 ChurchCRM v4.5.3 and belo...
ChurchCRM 4.5.3 SQL Injection
Exploit Title: ChurchCRM 4.5.3 - Authenticated SQL Injection Date: 27-04-2023 Exploit Author: Iyaad Luqman K Software Link: https://github.com/ChurchCRM/CRM/releases Vendor Homepage: http://churchcrm.io/ Version: 4.5.3 Tested on: Windows, Linux CVE: CVE-2023-24685 ChurchCRM v4.5.3 and below was...
CVE-2023-24685
ChurchCRM v4.5.3 and earlier contains a SQL injection in the Event Attendance reports module, triggered by the Event parameter. The vulnerability stems from an improper handling of input in the Event Attendance page, enabling unauthorized access to potentially sensitive data. Several sources conf...