9 matches found
CVE-2024-3539
CVE-2024-3539 affects Campcodes Church Management System 1.0. A SQL injection vulnerability exists in the /admin/addgiving.php file, caused by improper handling of the amount parameter. The attack is remotely exploitable and has publicly disclosed exploit information. Affected CVSS metrics indica...
CVE-2024-3541
CVE-2024-3541 affects Campcodes Church Management System 1.0, with a cross-site scripting vulnerability in the /admin/admin_user.php file. The flaw is triggered by manipulating the firstname parameter and can be exploited remotely; multiple sources note that the exploit has been disclosed publicl...
CVE-2024-3538
The CVE-2024-3538 entry covers Campcodes Church Management System 1.0, where an SQL injection affects an unknown function in /admin/addTithes.php via the na parameter. The vulnerability can be exploited remotely and has been disclosed publicly. No remediation or patch details are provided in the ...
CVE-2024-3540
CVE-2024-3540 affects Campcodes Church Management System 1.0. Affected component: /admin/add_sundaysch.php where the Gender parameter can be manipulated to trigger SQL injection. Root cause: unsanitized input in a server-side query, enabling remote exploitation. Publicly disclosed exploit exists....
CVE-2024-3534
CVE-2024-3534 affects Campcodes Church Management System 1.0. The issue is a SQL injection in login.php via the password parameter, enabling remote exploitation. Several connected sources confirm a critical risk (network vector, low attack complexity, no privileges required) and that the vulnerab...
CVE-2024-3536
CVE-2024-3536 affects Campcodes Church Management System 1.0. The vulnerability is a SQL injection in the /admin/delete_log.php file caused by unsafely handling the selector parameter. Exploitation is possible remotely, and public exploit information has been disclosed. Impact is described variab...
CVE-2024-3535
CVE-2024-3535 describes a critical SQL injection in Campcodes Church Management System 1.0, arising from the password parameter in /admin/index.php. The vulnerability permits remote exploitation and has publicly disclosed exploits (VDB-259905). Multiple sources corroborate the issue and its linka...
CVE-2024-3537
CVE-2024-3537 affects Campcodes Church Management System 1.0. The vulnerability lies in the /admin/admin_user.php file, where manipulation of the firstname parameter enables SQL injection due to improper input handling. The issue can be triggered remotely, and public exploit disclosures exist. Af...
CVE-2024-3542
Campcodes Church Management System 1.0 contains a cross-site scripting vulnerability in /admin/add_visitor.php, triggered by the mobile parameter. Description indicates remote initiation and publicly disclosed exploit; CVSS metrics cite MEDIUM impact overall (NVD 6.1). Connected sources corrobora...