3 matches found
CVE-2023-38762
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php...
CVE-2023-38762
ChurchCRM v5.0.0 is affected by a SQL injection in the friendmonths parameter of QueryView.php. The vulnerability, described across CNVD and other sources as stemming from insufficient validation of externally supplied SQL, allows remote attackers to potentially exfiltrate data. Connected documen...
CVE-2023-38762
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php...