8 matches found
SQL injection
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint...
CVE-2023-38763
CVE-2023-38763 is a SQL injection vulnerability affecting ChurchCRM v5.0.0. The issue allows a remote attacker to obtain sensitive information through the FundRaiserID parameter in the /FundRaiserEditor.php endpoint. The vulnerability is documented across multiple sources (NVD/Red Hat/OSV/others)...
CVE-2023-38763
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint...
CVE-2023-38763
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint...
CVE-2023-31548
A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2023-31548
CVE-2023-31548 is a stored XSS in ChurchCRM v4.5.3 (FundRaiserEditor.php). Native documents consistently describe the vulnerability as stored XSS allowing crafted payloads to execute script/HTML in users’ pages. Exploitation status is not detailed in the provided data. The core cause is input tha...
EUVD-2023-35849
A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2023-31548
A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...