Lucene search
K

216673 matches found

Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.5 views

PT-2026-30888

ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical SQL injection vulnerability exists in src/Reports/FundRaiserStatement.php where the $ SESSION'iCurrentFundraiser' value is used in an unquoted numeric SQL context without integer validation. The value originates from...

8.8CVSS6AI score
Exploits0References2
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.11 views

ChurchCRM SQL注入漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 contained a SQL injection vulnerability. This vulnerability stemmed from improper handling of the type array parameters by the /SettingsUser.php endpoint, which could lead to SQL injection attacks...

7.2CVSS5.9AI score0.00254EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.5 views

PT-2026-30958

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /SettingsIndividual.php in ChurchCRM 7.0.5. Authenticated users without any specific privileges can inject arbitrary SQL statements through the type array parameter via t...

8.8CVSS6AI score0.00253EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.6 views

ChurchCRM SQL注入漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 had a SQL injection vulnerability. This vulnerability stems from the SQL injection in the QueryView.php file, where the searchwhat parameter is vulnerable to attacks due to SQL injection...

9.4CVSS5.9AI score0.00309EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.5 views

PT-2026-30965

Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 7.1.0 Description ChurchCRM, an open-source church management system, has an issue where the searchwhat parameter in 'QueryView.php' with 'QueryID=15' is susceptible to SQL injection. An authenticated user needs...

9.4CVSS5.9AI score0.00309EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/04/06 10:59 p.m.6 views

CVE-2026-5586

A vulnerability was determined in zhongyu09 openchatbi up to 0.2.1. The impacted element is an unknown function of the component Multi-stage Text2SQL Workflow. Executing a manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been...

6.5CVSS6.4AI score0.00256EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/06 10:59 p.m.5 views

CVE-2026-5596

A vulnerability was detected in griptape-ai griptape 0.19.4. Affected by this issue is some unknown functionality of the file griptape/tools/sql/tool.py of the component SqlTool. Performing a manipulation results in sql injection. It is possible to initiate the attack remotely. The exploit is now...

6.5CVSS6.4AI score0.00196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/06 10:59 p.m.5 views

CVE-2026-5587

A vulnerability was identified in wbbeyourself MAC-SQL up to 31a9df5e0d520be4769be57a4b9022e5e34a14f4. This affects the function executesql of the file core/agents.py of the component Refiner Agent. The manipulation leads to sql injection. Remote exploitation of the attack is possible. The exploi...

6.5CVSS6.3AI score0.00196EPSS
Exploits0References1
NVD
NVD
added 2026/04/06 9:16 p.m.5 views

CVE-2026-35395

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, WeGIA Web gerenciador para instituições assistenciais contains a SQL injection vulnerability in dao/memorando/DespachoDAO.php. The idmemorando parameter is extracted from $REQUEST without validation and directly interpolated into...

8.8CVSS0.00392EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/06 9:1 p.m.3 views

CVE-2026-35395

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, WeGIA Web gerenciador para instituições assistenciais contains a SQL injection vulnerability in dao/memorando/DespachoDAO.php. The idmemorando parameter is extracted from $REQUEST without validation and directly interpolated into...

8.8CVSS6.2AI score0.00392EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/06 9:1 p.m.14 views

CVE-2026-35395 WeGIA has a SQL Injection in DespachoDAO.php via id_memorando parameter

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, WeGIA Web gerenciador para instituições assistenciais contains a SQL injection vulnerability in dao/memorando/DespachoDAO.php. The idmemorando parameter is extracted from $REQUEST without validation and directly interpolated into...

8.8CVSS0.00392EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/06 9:1 p.m.4 views

EUVD-2026-19495

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, WeGIA Web gerenciador para instituições assistenciais contains a SQL injection vulnerability in dao/memorando/DespachoDAO.php. The idmemorando parameter is extracted from $REQUEST without validation and directly interpolated into...

8.8CVSS6.2AI score0.00392EPSS
Exploits1References1
CVE
CVE
added 2026/04/06 9:1 p.m.15 views

CVE-2026-35395

CVE-2026-35395 affects WeGIA, a web manager for charitable institutions. Before version 3.6.9, the vulnerability exists in dao/memorando/DespachoDAO.php where the parameter id_memorando is read from $_REQUEST without validation and directly interpolated into SQL queries. This leads to a SQL injec...

8.8CVSS6.2AI score0.00392EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/04/06 8:16 p.m.6 views

CVE-2026-35184

EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerability in v2/templates/query/queryview.php via the custom and value parameters. This vulnerability is fixed in 8.0.0...

9.8CVSS0.0035EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/04/06 7:21 p.m.0 views

CVE-2026-35184 EcclesiaCRM has a Critical SQL Injection

EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerability in v2/templates/query/queryview.php via the custom and value parameters. This vulnerability is fixed in 8.0.0...

8.7CVSS5.9AI score0.0035EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/06 7:21 p.m.1 views

CVE-2026-35184

EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerability in v2/templates/query/queryview.php via the custom and value parameters. This vulnerability is fixed in 8.0.0...

8.7CVSS5.9AI score0.0035EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/04/06 7:21 p.m.3 views

EUVD-2026-19468

EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerability in v2/templates/query/queryview.php via the custom and value parameters. This vulnerability is fixed in 8.0.0...

8.7CVSS5.9AI score0.0035EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/06 7:21 p.m.14 views

CVE-2026-35184 EcclesiaCRM has a Critical SQL Injection

EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerability in v2/templates/query/queryview.php via the custom and value parameters. This vulnerability is fixed in 8.0.0...

8.7CVSS0.0035EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/04/06 7:15 p.m.1 views

CVE-2026-5681 itsourcecode sanitize or validate this input Parameter borrowedequip.php sql injection

A flaw has been found in itsourcecode sanitize or validate this input 1.0. This impacts an unknown function of the file /borrowedequip.php of the component Parameter Handler. This manipulation of the argument empid causes sql injection. The attack is possible to be carried out remotely. The explo...

6.5CVSS5.7AI score0.00192EPSS
Exploits0References5
CVE
CVE
added 2026/04/06 7:15 p.m.11 views

CVE-2026-5681

CVE-2026-5681 affects the itsourcecode component’s Parameter Handler, specifically the /borrowedequip.php file where the emp_id input is not properly sanitized/validated, enabling a remote SQL injection. Exploits have been published and may be used. CVSS data indicates MEDIUM severity (CVSS 4.0 b...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References5
Rows per page
Query Builder