17 matches found
CVE-2025-67751
ChurchCRM is an open-source church management system. Prior to version 6.5.0, a SQL injection vulnerability exists in the EventEditor.php file. When creating a new event and selecting an event type, the `EN_tyid` POST parameter is not sanitized. This allows an authenticated user with event managemen...
CVE-2025-67751
ChurchCRM is an open-source church management system. Prior to version 6.5.0, a SQL injection vulnerability exists in the EventEditor.php file. When creating a new event and selecting an event type, the `EN_tyid` POST parameter is not sanitized. This allows an authenticated user with event managemen...
CVE-2025-67751 ChurchCRM has SQL Injection in Event Editor via `EN_tyid` Parameter caused by an Incomplete Fix
ChurchCRM is an open-source church management system. Prior to version 6.5.0, a SQL injection vulnerability exists in the EventEditor.php file. When creating a new event and selecting an event type, the `EN_tyid` POST parameter is not sanitized. This allows an authenticated user with event managemen...
CVE-2025-67751 ChurchCRM has SQL Injection in Event Editor via `EN_tyid` Parameter caused by an Incomplete Fix
ChurchCRM is an open-source church management system. Prior to version 6.5.0, a SQL injection vulnerability exists in the EventEditor.php file. When creating a new event and selecting an event type, the `EN_tyid` POST parameter is not sanitized. This allows an authenticated user with event managemen...
CVE-2025-67751
ChurchCRM prior to version 6.5.0 contains a SQL injection in EventEditor.php. When creating a new event and selecting an event type, the EN_tyid POST parameter is not sanitized, allowing an authenticated user with event management permissions (isAddEvent) to execute arbitrary SQL queries. The iss...
CVE-2025-67751 ChurchCRM has SQL Injection in Event Editor via `EN_tyid` Parameter caused by an Incomplete Fix
ChurchCRM is an open-source church management system. Prior to version 6.5.0, a SQL injection vulnerability exists in the EventEditor.php file. When creating a new event and selecting an event type, the `EN_tyid` POST parameter is not sanitized. This allows an authenticated user with event managemen...
ChurchCRM SQL Injection Vulnerability
ChurchCRM is an open source CRM system for churches. A SQL injection vulnerability exists in ChurchCRM versions prior to 6.5.0. It stems from a SQL injection issue in the EventEditor.php file, which could lead to the execution of arbitrary SQL queries...
CVE-2024-25898
An XSS vulnerability was found in the ChurchCRM v.5.5.0 "edit your event" functionality, where malicious JS or HTML code can be inserted in the Event Sermon field in EventEditor.php...
ChurchCRM EventEditor.php Page SQL Injection Vulnerability
ChurchCRM is an open source church management system. ChurchCRM suffers from a time-based blind SQL injection vulnerability in the EID POST parameter of the EventEditor.php page. No further vulnerability details are provided at this time...
ChurchCRM Security Breach
ChurchCRM is an open source CRM system for churches. A security vulnerability exists in ChurchCRM version 5.5.0, which stems from a time-based blind SQL injection vulnerability in the EID POST parameter of the EventEditor.php page...
PT-2024-21189 · Churchcrm · Churchcrm
Name of the Vulnerable Software and Affected Versions: ChurchCRM version 5.5.0. Description: The issue concerns a Blind SQL Injection vulnerability, specifically time-based, that can be exploited via the EID parameter in the EventEditor.php file. This allows for potential unauthorized access to...
PT-2023-20032 · Churchcrm · Churchcrm
Name of the Vulnerable Software and Affected Versions: ChurchCRM version 4.5.3. Description: A stored cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via input fields, specifically the Title input field in EventEditor.php. Recommendations: For ChurchCR...
Synology Calendar Cross-Site Scripting Vulnerability (CNVD-2019-20976)
Synology Calendar is a file protection program from Synology Inc. of Taiwan, China that runs on Synology NAS Network Storage Server devices. A cross-site scripting vulnerability exists in Event Editor in Synology Calendar versions prior to 2.3.0-0615. The vulnerability stems from a lack of proper...
CVE-2019-11825
Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter...
CVE-2019-11825
Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter...
PT-2019-12510 · Synology · Synology Calendar
Name of the Vulnerable Software and Affected Versions: Synology Calendar versions prior to 2.3.0-0615. Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the title parameter in the Event Editor. Recommendations: For versions...