Lucene search
K

9 matches found

Vulnrichment
Vulnrichment
added 2026/04/07 3:49 p.m.2 views

CVE-2026-35567

...

5.9AI score0.00047EPSS
Exploits0
EUVD
EUVD
added 2026/04/07 3:49 p.m.2 views

EUVD-2026-19722

ChurchCRM is an open-source church management system. Prior to 7.1.0, the NewRole POST parameter in src/MemberRoleChange.php is used in an SQL query without proper integer validation, allowing authenticated users to inject arbitrary SQL. The attack requires an authenticated session with...

8.8CVSS6AI score0.00047EPSS
Exploits0References1
CVE
CVE
added 2026/04/07 3:49 p.m.12 views

CVE-2026-35567

ChurchCRM Before version 7.1.0, the POST parameter NewRole in src/MemberRoleChange.php is used in an SQL query without proper integer validation, allowing an authenticated user with the ManageGroups role to inject arbitrary SQL. Requires knowledge of a valid GroupID and PersonID (obtainable from ...

6AI score0.00047EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.5 views

PT-2026-30889

ChurchCRM is an open-source church management system. Prior to 7.1.0, the NewRole POST parameter in src/MemberRoleChange.php is used in an SQL query without proper integer validation, allowing authenticated users to inject arbitrary SQL. The attack requires an authenticated session with...

8.8CVSS6AI score0.00047EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/29 11:18 a.m.7 views

CVE-2025-40709 Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH

Cross-Site Scripting XSS vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage ACDH-CH, due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an...

5.1CVSS0.00201EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/15 12:0 a.m.4 views

KASO 安全漏洞

KASO is an application from KASO Inc. A security vulnerability exists in KASO v9.0, which stems from the discovery of an SQL injection vulnerability via the personid parameter in /cardcase/editcard.jsp...

9.8CVSS8AI score0.00421EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/13 12:0 a.m.4 views

PT-2024-34402 · Kaso · Kaso

Name of the Vulnerable Software and Affected Versions: KASO version 9.0 Description: A SQL injection issue was discovered via the person id parameter at the "/cardcase/editcard.jsp" API endpoint. This allows for potential exploitation of the database. Recommendations: For KASO version 9.0, consid...

9.8CVSS7.9AI score0.00421EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/03/18 12:0 a.m.6 views

PT-2024-21212 · Amss++ · Amss++

Name of the Vulnerable Software and Affected Versions: AMSS++ version 4.31 Description: The issue allows SQL injection through the /amssplus/modules/person/pic show.php endpoint, in the person id parameter. This could enable a remote attacker to send a specially crafted SQL query to the server an...

8.2CVSS7.4AI score0.00478EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/06/08 12:0 a.m.1 views

PT-2022-20688 · Churchcrm · Churchcrm

Name of the Vulnerable Software and Affected Versions: ChurchCRM version 4.4.5 Description: There is a SQL Injection issue via the PersonID field in the "/churchcrm/WhyCameEditor.php" API endpoint. Recommendations: For ChurchCRM version 4.4.5, as a temporary workaround, consider restricting acces...

7.2CVSS7.2AI score0.04968EPSS
Exploits5References11
Rows per page
Query Builder