PT-2026-8053
The SEATT: Simple Event Attendance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This is due to missing nonce validation on the event deletion functionality. This makes it possible for unauthenticated attackers to delete arbitrary...
WordPress SEATT: Simple Event Attendance plugin <= 1.5.0 - Cross-Site Request Forgery to Arbitrary Event Deletion vulnerability
Cross-Site Request Forgery to Arbitrary Event Deletion vulnerability discovered by MD. TAREQ AHAMED JONY itztrq - Knight Squad in WordPress Plugin SEATT: Simple Event Attendance versions <= 1.5.0...
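The entries above describe a CSRF caused by missing nonce validation on an event-deletion action. The following is an added illustration, not code from the SEATT plugin: a hypothetical plugin (prefix `seatt_demo_`, table `seatt_demo_events`, capability `manage_options` are all assumptions) shown first with the vulnerable handler and then with the three checks WordPress expects on a state-changing admin action.

```php
<?php
// Added illustration (not the SEATT plugin's code). A hypothetical plugin
// exposes an admin-post handler that deletes an event by ID.

// Vulnerable pattern: the handler runs for anyone who can reach admin-post.php.
// Registering it on admin_post_nopriv_* makes it run for unauthenticated
// requests too, so a forged <img src="..."> or auto-submitting form on any
// page the victim visits is enough to delete an arbitrary event.
add_action('admin_post_nopriv_seatt_demo_delete', 'seatt_demo_delete_event_vulnerable');
add_action('admin_post_seatt_demo_delete', 'seatt_demo_delete_event_vulnerable');

function seatt_demo_delete_event_vulnerable() {
    global $wpdb;
    $event_id = (int) ($_REQUEST['event_id'] ?? 0);
    $wpdb->delete($wpdb->prefix . 'seatt_demo_events', ['id' => $event_id], ['%d']);
    wp_safe_redirect(admin_url('admin.php?page=seatt-demo'));
    exit;
}

// Hardened pattern: (1) no nopriv hook, (2) capability check, (3) nonce check.
add_action('admin_post_seatt_demo_delete_safe', 'seatt_demo_delete_event_safe');

function seatt_demo_delete_event_safe() {
    global $wpdb;
    $event_id = (int) ($_REQUEST['event_id'] ?? 0);

    // Authorization: a nonce is not a permission check, so test the capability first.
    if (!current_user_can('manage_options')) {
        wp_die('Insufficient permissions', 403);
    }
    // CSRF: the nonce is tied to the action name and to this event ID, so a
    // token issued for one event cannot be replayed against another. This
    // dies with a 403 if _wpnonce is missing or does not verify.
    check_admin_referer('seatt_demo_delete_' . $event_id);

    $wpdb->delete($wpdb->prefix . 'seatt_demo_events', ['id' => $event_id], ['%d']);
    wp_safe_redirect(admin_url('admin.php?page=seatt-demo'));
    exit;
}

// The admin UI must emit a link that carries the matching nonce; a forged
// cross-site request cannot obtain one because nonces are per user and per session.
function seatt_demo_delete_link(int $event_id): string {
    $url = add_query_arg(
        ['action' => 'seatt_demo_delete_safe', 'event_id' => $event_id],
        admin_url('admin-post.php')
    );
    return wp_nonce_url($url, 'seatt_demo_delete_' . $event_id);
}
```

When reviewing a plugin for this class of bug, grep for `admin_post_nopriv_`, `wp_ajax_nopriv_` and any `$_GET`/`$_POST`/`$_REQUEST` read in an action callback, and confirm that every write path reaches `check_admin_referer()`, `check_ajax_referer()` or `wp_verify_nonce()` and a `current_user_can()` check before touching the database.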
EUVD-2024-22637
Malicious code in bioql PyPI...
EUVD-2023-28695
Malicious code in bioql PyPI...
CVE-2023-24685
ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module...
ChurchCRM Security Breach
ChurchCRM is an open source CRM system for churches. A security vulnerability exists in ChurchCRM version 5.5.0, which is caused by a reflected cross-site scripting vulnerability in the type parameter of the EventAttendance.php page...
CVE-2024-25627
Alf.io is a free and open source event attendance management system. An administrator on the alf.io application is able to upload HTML files that trigger JavaScript payloads. As such, an attacker gaining administrative access to the alf.io application may be able to persist access by planting an...
CVE-2024-25628
Alf.io is a free and open source event attendance management system. In versions prior to 2.0-M4-2402 users can access the admin area even after being invalidated/deleted. This issue has been addressed in version 2.0-M4-2402. All users are advised to upgrade. There are no known workarounds for th...
CVE-2024-25627
CVE-2024-25627 affects Alf.io. The vulnerability is an XSS via HTML file upload that requires administrative access to trigger a JavaScript payload, enabling persistence if an attacker gains admin rights. Affected software is Alf.io prior to version 2.0-M4-2402; the issue has been addressed in ve...
CVE-2024-25628
CVE-2024-25628 affects Alf.io, an open source event attendance management system. The vulnerability is described as insufficient session expiration: in versions prior to 2.0-M4-2402, users can access the admin area even after being invalidated or deleted. The issue has been addressed in version 2...
ChurchCRM 4.5.3 SQL Injection
Exploit Title: ChurchCRM 4.5.3 - Authenticated SQL Injection Date: 27-04-2023 Exploit Author: Iyaad Luqman K Software Link: https://github.com/ChurchCRM/CRM/releases Vendor Homepage: http://churchcrm.io/ Version: 4.5.3 Tested on: Windows, Linux CVE: CVE-2023-24685 ChurchCRM v4.5.3 and below was...
ChurchCRM v4.5.3 - Authenticated SQL Injection
Exploit Title: ChurchCRM 4.5.3 - Authenticated SQL Injection Date: 27-04-2023 Exploit Author: Iyaad Luqman K Software Link: https://github.com/ChurchCRM/CRM/releases Vendor Homepage: http://churchcrm.io/ Tested Version: 4.5.1 Tested on: Windows, Linux CVE: CVE-2023-24685 ChurchCRM v4.5.3 and belo...
ChurchCRM 4.5.1 SQL Injection
Exploit Title: ChurchCRM 4.5.1 - Authenticated SQL Injection Date: 11-03-2023 Exploit Author: Arvandy Blog Post: https://github.com/arvandy/CVE/blob/main/CVE-2023-24787/CVE-2023-24787.md Software Link: https://github.com/ChurchCRM/CRM/releases Vendor Homepage: http://churchcrm.io/ Version: 4.5.1...
ChurchCRM 4.5.1 - Authenticated SQL Injection
Exploit Title: ChurchCRM 4.5.1 - Authenticated SQL Injection Date: 11-03-2023 Exploit Author: Arvandy Blog Post: https://github.com/arvandy/CVE/blob/main/CVE-2023-24787/CVE-2023-24787.md Software Link: https://github.com/ChurchCRM/CRM/releases Vendor Homepage: http://churchcrm.io/ Version: 4.5.1...
PT-2023-19781 · Churchcrm · Churchcrm
Name of the Vulnerable Software and Affected Versions: churchcrm version 4.5.3 Description: The issue is related to a SQL injection vulnerability. It occurs via the Event parameter at the "/churchcrm/EventAttendance.php" API endpoint. Recommendations: For churchcrm version 4.5.3, consider...
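The ChurchCRM entries above all describe the same pattern: an `Event` request parameter in a reporting page that reaches a SQL query unparameterised. The block below is an added illustration, not ChurchCRM's code or schema (the `events` and `users` tables and the two functions are assumptions, and the in-memory SQLite database stands in for the real MySQL backend so the example runs offline). It shows the vulnerable concatenation beside the hardened version and feeds both a constructed UNION payload.

```php
<?php
// Added illustration (not ChurchCRM's code). Demonstrates how an integer
// "Event" ID concatenated into a report query turns into arbitrary reads,
// and how a bound parameter plus an explicit type check closes it.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed schema and data; nothing here is ChurchCRM's real layout.
$pdo->exec('CREATE TABLE events (event_id INTEGER PRIMARY KEY, event_title TEXT)');
$pdo->exec('CREATE TABLE users (username TEXT, password_hash TEXT)');
$pdo->exec("INSERT INTO events VALUES (1, 'Sunday Service'), (2, 'Youth Night')");
$pdo->exec("INSERT INTO users VALUES ('admin', 'hash-of-secret')");

// Vulnerable: the value arrives as $_GET['Event'] and is glued into the SQL.
function attendance_report_vulnerable(PDO $pdo, string $event): array {
    $sql = 'SELECT event_title FROM events WHERE event_id = ' . $event;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: reject anything that is not a non-negative integer, then bind it.
// The ctype_digit() check is defence in depth; the bound parameter alone
// already prevents the injection.
function attendance_report_safe(PDO $pdo, string $event): array {
    if (!ctype_digit($event)) {
        throw new InvalidArgumentException('Event must be a non-negative integer');
    }
    $stmt = $pdo->prepare('SELECT event_title FROM events WHERE event_id = :id');
    $stmt->execute([':id' => (int) $event]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a legitimate ID and a UNION payload that pulls a row
// from an unrelated table through the single column the report expects.
$legit   = '1';
$payload = "0 UNION SELECT username || ':' || password_hash FROM users";

print_r(attendance_report_vulnerable($pdo, $legit));
print_r(attendance_report_vulnerable($pdo, $payload));   // credentials come back as an "event title"
print_r(attendance_report_safe($pdo, $legit));
try {
    attendance_report_safe($pdo, $payload);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;                        // rejected before any SQL is built
}
```

Run with `php example.php`. The second `print_r` is the injection: the vulnerable query returns the concatenated `users` row where the report expected an event title, while the hardened function never lets the payload reach the database. When triaging a report like the PT/CVE entries above, the quickest confirmation is exactly this kind of single-column UNION or a boolean condition (`1 AND 1=1` versus `1 AND 1=2`) against the named parameter.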