2 matches found
CVE-2023-38770
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the group parameter within the /QueryView.php...
CVE-2023-38770
CVE-2023-38770 – ChurchCRM 5.0.0 suffers a SQL injection in the group parameter of QueryView.php. The root cause is lack of validation/external SQL handling for this parameter, enabling a remote attacker to obtain sensitive data from the database (high risk per CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C...