Lucene search
+L

5 matches found

CNNVD
CNNVD
added 2026/04/07 12:0 a.m.7 views

ChurchCRM SQL注入漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 had a SQL injection vulnerability. This vulnerability stems from the SQL injection in the QueryView.php file, where the searchwhat parameter is vulnerable to attacks due to SQL injection...

9.4CVSS5.9AI score0.00309EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/06 7:21 p.m.18 views

CVE-2026-35184 EcclesiaCRM has a Critical SQL Injection

EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerability in v2/templates/query/queryview.php via the custom and value parameters. This vulnerability is fixed in 8.0.0...

8.7CVSS0.0035EPSS
Exploits1References4
OSV
OSV
added 2026/04/06 7:21 p.m.3 views

CVE-2026-35184 EcclesiaCRM has a Critical SQL Injection

EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerability in v2/templates/query/queryview.php via the custom and value parameters. This vulnerability is fixed in 8.0.0...

8.7CVSS6AI score0.0035EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2023/08/08 4:15 p.m.4 views

CVE-2023-38771

SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp parameter within the /QueryView.php...

7.5CVSS5.8AI score0.0071EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/08/08 12:0 a.m.5 views

ChurchCRM SQL注入漏洞

ChurchCRM is an open source CRM system for churches. ChurchCRM version v5.0.0 suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the friendmonths parameter in QueryView.php. An attacker can exploit this vulnerability to execute...

7.5CVSS8.2AI score0.0071EPSS
Exploits0References5
Rows per page
Query Builder