21 matches found

Packet Storm
added 2026/04/13 12:0 a.m. | 108 views

ChurchCRM SQL Injection

ChurchCRM versions prior to 6.5.3 suffer from a remote SQL injection vulnerability in ConfirmReportEmail.php. CVE-2025-68400: ChurchCRM vulnerable to time-based blind SQL Injection in ConfirmReportEmail.php Overview | Field | Details | |---|---| | CVE ID | CVE-2025-68400 | | Severity | CRITICAL |...

CVSS 9.3 | AI score 5.9 | EPSS 0.00323
Exploits: 3

RedhatCVE
added 2026/04/09 7:23 p.m. | 4 views

CVE-2026-39341

ChurchCRM is an open-source church management system. Prior to 7.1.0, the application is vulnerable to time-based SQL injection due to an improper input validation. Endpoint Reports/ConfirmReportEmail.php?familyId= is not correctly sanitising user input, specifically, the sanitised input is not...

CVSS 8.1 | AI score 5.9 | EPSS 0.0028
Exploits: 1 | References: 1

Vulnrichment
added 2026/04/07 6:1 p.m. | 1 views

CVE-2026-39341 SQL injection in ChurchCRM.0

ChurchCRM is an open-source church management system. Prior to 7.1.0, the application is vulnerable to time-based SQL injection due to an improper input validation. Endpoint Reports/ConfirmReportEmail.php?familyId= is not correctly sanitising user input, specifically, the sanitised input is not...

CVSS 8.1 | AI score 5.9 | EPSS 0.0028
Exploits: 1 | References: 1

EUVD
added 2026/04/07 6:1 p.m. | 8 views

EUVD-2026-19843

ChurchCRM is an open-source church management system. Prior to 7.1.0, the application is vulnerable to time-based SQL injection due to an improper input validation. Endpoint Reports/ConfirmReportEmail.php?familyId= is not correctly sanitising user input, specifically, the sanitised input is not...

CVSS 8.1 | AI score 5.9 | EPSS 0.0028
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 8:49 a.m. | 5 views

CVE-2025-23481

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Anzar Ahmed Ni WooCommerce Sales Report Email ni-woocommerce-sales-report-email allows Reflected XSS. This issue affects Ni WooCommerce Sales Report Email: from n/a through <= 3.1.4...

CVSS 7.1 | AI score 5.9 | EPSS 0.00262
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/18 10:37 p.m. | 5 views

CVE-2025-68400

ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in the legacy endpoint /Reports/ConfirmReportEmail.php in ChurchCRM prior to version 6.5.3. Although the feature was removed from the UI, the file remains deployed and reachable directly via URL. This is a...

CVSS 9.3 | AI score 8 | EPSS 0.00323
Exploits: 3 | References: 1

NVD
added 2025/12/17 10:16 p.m. | 3 views

CVE-2025-68400

ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in the legacy endpoint /Reports/ConfirmReportEmail.php in ChurchCRM prior to version 6.5.3. Although the feature was removed from the UI, the file remains deployed and reachable directly via URL. This is a...

CVSS 9.3 | EPSS 0.00323
Exploits: 3 | References: 1

OSV
added 2025/12/17 9:42 p.m. | 4 views

CVE-2025-68400 ChurchCRM vulnerable to time-based blind SQL Injection in ConfirmReportEmail.php

ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in the legacy endpoint /Reports/ConfirmReportEmail.php in ChurchCRM prior to version 6.5.3. Although the feature was removed from the UI, the file remains deployed and reachable directly via URL. This is a...

CVSS 9.3 | AI score 7.9 | EPSS 0.00323
Exploits: 3 | References: 3

Positive Technologies
added 2025/12/17 12:0 a.m. | 4 views

PT-2025-51932

Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 6.5.3 Description ChurchCRM is an open-source church management system with a SQL Injection issue present in a legacy endpoint. The vulnerability exists in the /Reports/ConfirmReportEmail.php endpoint and is...

CVSS 9.3 | AI score 7.4 | EPSS 0.00323
Exploits: 3 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-5731

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 6.6 | EPSS 0.00262
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/22 9:49 p.m. | 8 views

CVE-2022-38141

Missing Authorization vulnerability in Zorem Sales Report Email for WooCommerce. This issue affects Sales Report Email for WooCommerce: from n/a through 2.8...

CVSS 6.5 | AI score 7.1 | EPSS 0.00403
Exploits: 0 | References: 1

CVE
added 2025/03/03 1:30 p.m. | 49 views

CVE-2025-23481

The CVE-2025-23481 entry describes a Reflected XSS in the WordPress plugin “NotFound Ni WooCommerce Sales Report Email” up to version 3.1.4. The vulnerability arises from improper neutralization of input during web page generation, enabling reflected ...

CVSS 7.1 | AI score 5.9 | EPSS 0.00262
Exploits: 0 | References: 1

Cvelist
added 2025/03/03 1:30 p.m. | 12 views

CVE-2025-23481 WordPress Ni WooCommerce Sales Report Email plugin <= 3.1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Anzar Ahmed Ni WooCommerce Sales Report Email ni-woocommerce-sales-report-email allows Reflected XSS. This issue affects Ni WooCommerce Sales Report Email: from n/a through <= 3.1.4...

CVSS 7.1 | EPSS 0.00262
Exploits: 0 | References: 1

CNNVD
added 2025/03/03 12:0 a.m. | 2 views

WordPress plugin NotFound Ni WooCommerce Sales Report Email cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin NotFound Ni...

CVSS 7.1 | AI score 5.8 | EPSS 0.00262
Exploits: 0 | References: 3

Patchstack
added 2025/01/16 6:41 p.m. | 4 views

WordPress Ni WooCommerce Sales Report Email plugin <= 3.1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Ni WooCommerce Sales Report Email versions <= 3.1.4...

CVSS 7.1 | AI score 6.1 | EPSS 0.00262
Exploits: 0 | Affected Software: 1

OSV
added 2024/01/17 4:15 p.m. | 5 views

CVE-2022-38141

Missing Authorization vulnerability in Zorem Sales Report Email for WooCommerce. This issue affects Sales Report Email for WooCommerce: from n/a through 2.8...

CVSS 6.5 | AI score 5.8 | EPSS 0.00403
Exploits: 0 | References: 1

CVE
added 2024/01/17 4:4 p.m. | 41 views

CVE-2022-38141

CVE-2022-38141 affects the WordPress plugin Sales Report Email for WooCommerce (<= 2.8). Descriptions in multiple sources identify a Missing Authorization vulnerability for the Mail/Email functionality, enabling unauthorized access to the feature. Exploitation status not detailed in the docume...

CVSS 6.5 | AI score 7.1 | EPSS 0.00403
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2024/01/17 12:0 a.m. | 3 views

WordPress plugin Sales Report Email for WooCommerce security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 6.5 | AI score 6.6 | EPSS 0.00403
Exploits: 0 | References: 3

OSV
added 2017/10/18 6:29 p.m. | 6 views

CVE-2017-14956

AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizardemail.php" script. Besides offering an export via a local download, the script also offers the possibility to send out any report via email to a given address...

CVSS 5.7 | AI score 5.8 | EPSS 0.0186
Exploits: 6 | References: 6

0day.today
added 2017/04/04 12:0 a.m. | 55 views

Bluecoat ASG 6.6/CAS 1.3 - OS Command Injection Exploit

Exploit for linux platform in category remote exploits Exploit Title: OS Command Injection Vulnerability in BlueCoat ASG and CAS Date: April 3, 2017 Exploit Authors: Chris Hebert, Peter Paccione and Corey Boyd Vendor Security Advisory: https://bto.bluecoat.com/security-advisory/sa138 Version: CAS...

CVSS 9 | AI score 7 | EPSS 0.10126
Exploits: 8