21 matches found
📄 ChurchCRM SQL Injection
ChurchCRM versions prior to 6.5.3 suffer from a remote SQL injection vulnerability in ConfirmReportEmail.php. CVE-2025-68400: ChurchCRM vulnerable to time-based blind SQL Injection in ConfirmReportEmail.php Overview | Field | Details | |---|---| | CVE ID | CVE-2025-68400 | | Severity | CRITICAL |...
CVE-2026-39341
ChurchCRM is an open-source church management system. Prior to 7.1.0, the application is vulnerable to time-based SQL injection due to an improper input validation. Endpoint Reports/ConfirmReportEmail.php?familyId= is not correctly sanitising user input, specifically, the sanitised input is not...
CVE-2026-39341 SQL injection in ChurchCRM.0
ChurchCRM is an open-source church management system. Prior to 7.1.0, the application is vulnerable to time-based SQL injection due to an improper input validation. Endpoint Reports/ConfirmReportEmail.php?familyId= is not correctly sanitising user input, specifically, the sanitised input is not...
EUVD-2026-19843
ChurchCRM is an open-source church management system. Prior to 7.1.0, The application is vulnerable to time-based SQL injection due to an improper input validation. Endpoint Reports/ConfirmReportEmail.php?familyId= is not correctly sanitising user input, specifically, the sanitised input is not...
CVE-2025-23481
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Anzar Ahmed Ni WooCommerce Sales Report Email ni-woocommerce-sales-report-email allows Reflected XSS.This issue affects Ni WooCommerce Sales Report Email: from n/a through = 3.1.4...
CVE-2025-68400
ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in the legacy endpoint /Reports/ConfirmReportEmail.php in ChurchCRM prior to version 6.5.3. Although the feature was removed from the UI, the file remains deployed and reachable directly via URL. This is a...
CVE-2025-68400
ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in the legacy endpoint /Reports/ConfirmReportEmail.php in ChurchCRM prior to version 6.5.3. Although the feature was removed from the UI, the file remains deployed and reachable directly via URL. This is a...
CVE-2025-68400 ChurchCRM vulnerable to time-based blind SQL Injection in ConfirmReportEmail.php
ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in the legacy endpoint /Reports/ConfirmReportEmail.php in ChurchCRM prior to version 6.5.3. Although the feature was removed from the UI, the file remains deployed and reachable directly via URL. This is a...
PT-2025-51932
Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 6.5.3 Description ChurchCRM is an open-source church management system with a SQL Injection issue present in a legacy endpoint. The vulnerability exists in the /Reports/ConfirmReportEmail.php endpoint and is...
EUVD-2025-5731
Malicious code in bioql PyPI...
CVE-2022-38141
Missing Authorization vulnerability in Zorem Sales Report Email for WooCommerce.This issue affects Sales Report Email for WooCommerce: from n/a through 2.8...
CVE-2025-23481
The CVE-2025-23481 entry describes a Reflected XSS in the WordPress plugin “NotFound Ni WooCommerce Sales Report Email” (NotFound Ni WooCommerce Sales Report Email) up to version 3.1.4. The vulnerability arises from improper neutralization of input during web page generation , enabling reflected ...
CVE-2025-23481 WordPress Ni WooCommerce Sales Report Email plugin <= 3.1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Anzar Ahmed Ni WooCommerce Sales Report Email ni-woocommerce-sales-report-email allows Reflected XSS.This issue affects Ni WooCommerce Sales Report Email: from n/a through = 3.1.4...
WordPress plugin NotFound Ni WooCommerce Sales Report Email 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin NotFound Ni...
WordPress Ni WooCommerce Sales Report Email plugin <= 3.1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Ni WooCommerce Sales Report Email versions = 3.1.4...
CVE-2022-38141
Missing Authorization vulnerability in Zorem Sales Report Email for WooCommerce.This issue affects Sales Report Email for WooCommerce: from n/a through 2.8...
CVE-2022-38141
CVE-2022-38141 affects the WordPress plugin Sales Report Email for WooCommerce (<= 2.8). Descriptions in multiple sources identify a Missing Authorization vulnerability for the Mail/Email functionality, enabling unauthorized access to the feature. Exploitation status not detailed in the docume...
WordPress plugin Sales Report Email for WooCommerce security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2017-14956
AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizardemail.php" script. Besides offering an export via a local download, the script also offers the possibility to send out any report via email to a given address...
Bluecoat ASG 6.6/CAS 1.3 - OS Command Injection Exploit
Exploit for linux platform in category remote exploits Exploit Title: OS Command Injection Vulnerability in BlueCoat ASG and CAS Date: April 3, 2017 Exploit Authors: Chris Hebert, Peter Paccione and Corey Boyd Vendor Security Advisory: https://bto.bluecoat.com/security-advisory/sa138 Version: CAS...