61 matches found
CVE-2026-35184
EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerability in v2/templates/query/queryview.php via the custom and value parameters. This vulnerability is fixed in 8.0.0...
EcclesiaCRM SQL注入漏洞
EcclesiaCRM is a customer relationship management software for church management, developed by the French individual phili67. Versions of EcclesiaCRM prior to 8.0.0 contained a SQL injection vulnerability. This vulnerability stemmed from improper handling of the custom and value parameters in the...
EUVD-2023-42540
Malicious code in bioql PyPI...
CVE-2023-38764
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php...
CVE-2023-38771
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp parameter within the /QueryView.php...
CVE-2023-38767
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the 'value' and 'custom' parameters within the /QueryView.php...
NETGEAR DGN3500 Buffer Overflow Vulnerability
The NETGEAR DGN3500 is a wireless router from NETGEAR. The NETGEAR DGN3500 version 1.1.00.37 suffers from a buffer overflow vulnerability, which originates from the httppassword parameter in setup.cgi failing to properly validate the length of the input data, which can be exploited by a remote...
ChurchCRM friendmonths parameter SQL Injection Vulnerability
ChurchCRM is an open source CRM system for churches. ChurchCRM version v5.0.0 suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the friendmonths parameter in QueryView.php. An attacker can exploit this vulnerability to execute...
ChurchCRM group parameter SQL injection vulnerability
ChurchCRM is an open source CRM system for churches. ChurchCRM version v5.0.0 suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the group parameter of QueryView.php. An attacker can exploit this vulnerability to execute illeg...
CVE-2023-38768
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the PropertyID parameter within the /QueryView.php...
CVE-2023-38770
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the group parameter within the /QueryView.php...
CVE-2023-38773
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp1 and volopp2 parameters within the /QueryView.php...
CVE-2023-38771
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp parameter within the /QueryView.php...
CVE-2023-38770
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the group parameter within the /QueryView.php...
CVE-2023-38768
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the PropertyID parameter within the /QueryView.php...
CVE-2023-38769
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the searchstring and searchwhat parameters within the /QueryView.php...
CVE-2023-38769
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the searchstring and searchwhat parameters within the /QueryView.php...
CVE-2023-38771
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp parameter within the /QueryView.php...
CVE-2023-38760
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component...
CVE-2023-38760
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component...