Church Management System Security Vulnerabilities and Issues — Church Management System CVE List

Lucene search

Church Management System ProjectChurch Management System

10 matches found

CVE•added 2022/06/13 11:15 p.m.•67 views

CVE-2021-41661

Church Management System version 1.0 is affected by a SQL anjection vulnerability through creating a user with a PHP file as an avatar image, which is accessible through the /uploads directory. This can lead to RCE on the web server by uploading a PHP webshell.

9.8CVSS9.6AI score0.00486EPSS

CVE•added 2022/08/05 9:15 p.m.•59 views

CVE-2022-2680

A vulnerability classified as critical has been found in SourceCodester Church Management System 1.0. Affected is an unknown function of the file /login.php. The manipulation of the argument username with the input ' OR (SELECT 7064 FROM(SELECT COUNT(*),CONCAT(0x71627a7671,(SELECT (ELT(7064=7064,1)...

8.8CVSS7.9AI score0.00042EPSS

CVE•added 2022/09/15 2:15 a.m.•42 views

CVE-2022-38595

Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_user.php.

7.2CVSS7.2AI score0.00086EPSS

CVE•added 2022/10/12 12:15 a.m.•41 views

CVE-2022-41406

An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

7.2CVSS7.3AI score0.00107EPSS

CVE•added 2024/04/10 4:15 a.m.•40 views

CVE-2024-3537

A vulnerability was found in Campcodes Church Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/admin_user.php. The manipulation of the argument firstname leads to sql injection. The attack may be initiated remotely. The exploit has been...

8.8CVSS7.3AI score0.00221EPSS

CVE•added 2024/04/10 6:15 a.m.•40 views

CVE-2024-3541

A vulnerability classified as problematic has been found in Campcodes Church Management System 1.0. This affects an unknown part of the file /admin/admin_user.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit h...

6.1CVSS6.2AI score0.00288EPSS

CVE•added 2022/09/15 2:15 a.m.•34 views

CVE-2022-38594

Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_visitor.php.

7.2CVSS7.2AI score0.00086EPSS

CVE•added 2021/10/29 5:15 p.m.•32 views

CVE-2021-41643

Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via the image upload field.

9.8CVSS9.6AI score0.1073EPSS

CVE•added 2022/11/30 3:15 a.m.•32 views

CVE-2022-45328

Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_members.php.

7.2CVSS7.2AI score0.00058EPSS

CVE•added 2022/09/12 9:15 p.m.•24 views

CVE-2022-38605

Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_event.php.

7.2CVSS7.2AI score0.00086EPSS