2 matches found
CVE-2022-31325
There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/WhyCameEditor.php...
PT-2022-20688 · Churchcrm · Churchcrm
Name of the Vulnerable Software and Affected Versions: ChurchCRM version 4.4.5 Description: There is a SQL Injection issue via the PersonID field in the "/churchcrm/WhyCameEditor.php" API endpoint. Recommendations: For ChurchCRM version 4.4.5, as a temporary workaround, consider restricting acces...