30 matches found
CVE-2026-35184
EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerability in v2/templates/query/queryview.php via the custom and value parameters. This vulnerability is fixed in 8.0.0...
CVE-2026-39342
ChurchCRM is an open-source church management system. Prior to 7.1.0, the searchwhat parameter via QueryView.php with the QueryID=15 is vulnerable to a SQL injection. The authenticated user requires access to Data/Reports Query Menu and access to the "Advanced Search" query. This vulnerability is...
CVE-2026-39342
ChurchCRM is an open-source church management system. Prior to 7.1.0, the searchwhat parameter via QueryView.php with the QueryID=15 is vulnerable to a SQL injection. The authenticated user requires access to Data/Reports Query Menu and access to the "Advanced Search" query. This vulnerability is...
CVE-2026-39342 ChurchCRM has a SQL injection searchwhat parameter via QueryView.php
ChurchCRM is an open-source church management system. Prior to 7.1.0, the searchwhat parameter via QueryView.php with the QueryID=15 is vulnerable to a SQL injection. The authenticated user requires access to Data/Reports Query Menu and access to the "Advanced Search" query. This vulnerability is...
ChurchCRM SQL注入漏洞
ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 had a SQL injection vulnerability. This vulnerability stems from the SQL injection in the QueryView.php file, where the searchwhat parameter is vulnerable to attacks due to SQL injection...
CVE-2026-35184 EcclesiaCRM has a Critical SQL Injection
EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerability in v2/templates/query/queryview.php via the custom and value parameters. This vulnerability is fixed in 8.0.0...
CVE-2026-35184
EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerability in v2/templates/query/queryview.php via the custom and value parameters. This vulnerability is fixed in 8.0.0...
EUVD-2026-19468
EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerability in v2/templates/query/queryview.php via the custom and value parameters. This vulnerability is fixed in 8.0.0...
PT-2026-30719
EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerability in v2/templates/query/queryview.php via the custom and value parameters. This vulnerability is fixed in 8.0.0...
CVE-2023-38771
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp parameter within the /QueryView.php...
CVE-2023-38769
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the searchstring and searchwhat parameters within the /QueryView.php...
CVE-2023-38765
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the membermonth parameter within the /QueryView.php...
CVE-2023-38764
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php...
CVE-2023-38762
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php...
ChurchCRM SQL注入漏洞
ChurchCRM is an open source CRM system for churches. ChurchCRM version v5.0.0 suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the group parameter of QueryView.php. An attacker can exploit this vulnerability to execute illeg...
PT-2023-26601 · Churchcrm · Churchcrm
Name of the Vulnerable Software and Affected Versions: ChurchCRM version 5.0.0 Description: A SQL injection issue allows a remote attacker to obtain sensitive information via the volopp1 and volopp2 parameters within the "/QueryView.php" API endpoint. Recommendations: For ChurchCRM version 5.0.0,...
PT-2023-26600 · Churchcrm · Churchcrm
Name of the Vulnerable Software and Affected Versions: ChurchCRM version 5.0.0 Description: The issue allows a remote attacker to obtain sensitive information via the volopp parameter within the "/QueryView.php" API endpoint. This enables the attacker to inject SQL code, potentially leading to...
PT-2023-26595 · Churchcrm · Churchcrm
Name of the Vulnerable Software and Affected Versions: ChurchCRM version 5.0.0 Description: A SQL injection issue allows a remote attacker to obtain sensitive information via the value and custom parameters within the "/QueryView.php" API endpoint. Recommendations: For ChurchCRM version 5.0.0, as...
ChurchCRM SQL注入漏洞
ChurchCRM is an open source CRM system for churches. ChurchCRM version v5.0.0 suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the friendmonths parameter in QueryView.php. An attacker can exploit this vulnerability to execute...
TYPO3 Insecure Deserialization in Query Generator & Query View
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel Backend Module: DB...