61 matches found
CVE-2023-38764
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php...
CVE-2023-38762
ChurchCRM v5.0.0 is affected by a SQL injection in the friendmonths parameter of QueryView.php. The vulnerability, described across CNVD and other sources as stemming from insufficient validation of externally supplied SQL, allows remote attackers to potentially exfiltrate data. Connected documen...
CVE-2023-38773
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp1 and volopp2 parameters within the /QueryView.php...
CVE-2023-38769
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the searchstring and searchwhat parameters within the /QueryView.php...
CVE-2023-38770
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the group parameter within the /QueryView.php...
CVE-2023-38765
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the membermonth parameter within the /QueryView.php...
CVE-2023-38767
ChurchCRM v5.0.0 is affected by an SQL injection in /QueryView.php, exploitable via the value and custom parameters. Root cause: unsafely constructed SQL queries in that endpoint allow remote disclosure of sensitive information. Exploitation in the wild is not documented in the provided sources; ...
CVE-2023-38771
ChurchCRM v5.0.0 is affected by an SQL injection via the volopp parameter in /QueryView.php. Root cause: improper handling of user input in that endpoint leads to database query manipulation. Impact per the records includes exposure of sensitive information to remote attackers; exploitation detai...
CVE-2023-38760
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component...
CVE-2023-38771
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp parameter within the /QueryView.php...
CVE-2023-38769
CVE-2023-38769 is a SQL injection vulnerability in ChurchCRM v5.0.0. The issue affects the /QueryView.php endpoint, specifically the vulnerable handling of the parameters searchstring and searchwhat, enabling a remote attacker to obtain sensitive information. The cited sources consistently descr...
CVE-2023-38760
ChurchCRM v5.0.0 contains a SQL injection vulnerability in the QueryView.php component, exploitable via the role and gender parameters to access sensitive information. The issue’s root cause is input handling in that view leading to unauthorized data exposure. No explicit exploitation, mitigation...
CVE-2023-38767
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the 'value' and 'custom' parameters within the /QueryView.php...
CVE-2023-38762
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php...