16 matches found
CVE-2023-25347
A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via input fields. These input fields are located in the "Title" Input Field in EventEditor.php...
CVE-2025-67751 ChurchCRM has SQL Injection in Event Editor via `EN_tyid` Parameter caused by an Incomplete Fix
ChurchCRM is an open-source church management system. Prior to version 6.5.0, a SQL injection vulnerability exists in the EventEditor.php file. When creating a new event and selecting an event type, the `EN_tyid` POST parameter is not sanitized. This allows an authenticated user with event managemen...
CVE-2024-25896
ChurchCRM 5.5.0 EventEditor.php is vulnerable to Blind SQL Injection Time-based via the EID POST parameter...
CVE-2024-25894
ChurchCRM 5.5.0 /EventEditor.php is vulnerable to Blind SQL Injection Time-based via the EventCount POST parameter...
SQL injection
ChurchCRM 5.5.0 /EventEditor.php is vulnerable to Blind SQL Injection Time-based via the EventCount POST parameter...
SQL injection
ChurchCRM 5.5.0 EventEditor.php is vulnerable to Blind SQL Injection Time-based via the EID POST parameter...
ChurchCRM Security Breach
ChurchCRM is an open source CRM system for churches. A security vulnerability exists in ChurchCRM version 5.5.0, which stems from cross-site scripting in the Event Sermon parameter of the EventEditor.php page...
CVE-2024-25894
ChurchCRM 5.5.0 /EventEditor.php is vulnerable to Blind SQL Injection Time-based via the EventCount POST parameter...
CVE-2024-25898
An XSS vulnerability was found in the ChurchCRM v.5.5.0 functionality, edit your event, where malicious JS or HTML code can be inserted in the Event Sermon field in EventEditor.php...
CVE-2024-25898
CVE-2024-25898 describes a cross-site scripting vulnerability in ChurchCRM v5.5.0, specifically when editing an event in EventEditor.php where attacker-supplied input in the Event Sermon field can inject malicious JavaScript or HTML. The affected component is ChurchCRM’s EventEditor.php; root cau...
CVE-2024-25896
Summary: CVE-2024-25896 affects ChurchCRM 5.5.0, specifically the EventEditor.php page, where a time-based blind SQL injection can be triggered via the EID POST parameter. This is confirmed by multiple connected sources. The vulnerability is described as a time-based blind SQL injection affecting...
CVE-2024-25896
ChurchCRM 5.5.0 EventEditor.php is vulnerable to Blind SQL Injection Time-based via the EID POST parameter...
CVE-2024-25896
ChurchCRM 5.5.0 EventEditor.php is vulnerable to Blind SQL Injection Time-based via the EID POST parameter...
CVE-2024-25894
CVE-2024-25894 affects ChurchCRM 5.5.0, specifically EventEditor.php, where a time-based blind SQL injection via the EventCount POST parameter is reported. Affected item: ChurchCRM 5.5.0 /EventEditor.php; vulnerability class: Blind SQL Injection (Time-based). Underlying cause and impact are state...
CVE-2024-25894
ChurchCRM 5.5.0 /EventEditor.php is vulnerable to Blind SQL Injection Time-based via the EventCount POST parameter...
Cross-site scripting
A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via input fields. These input fields are located in the "Title" Input Field in EventEditor.php...