Churchcrm Security Vulnerabilities and Issues — Churchcrm CVE List

Lucene search

ChurchcrmChurchcrm

8 matches found

cve•added 2024/02/21 6:15 p.m.•52 views

CVE-2024-25897

ChurchCRM 5.5.0 FRCatalog.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter.

9.8CVSS8AI score0.12317EPSS

cve•added 2024/02/21 6:15 p.m.•40 views

CVE-2024-25895

A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 5.5.0 allows remote attackers to inject arbitrary web script or HTML via the type parameter of /EventAttendance.php

6.1CVSS5.6AI score0.0014EPSS

cve•added 2024/02/21 6:15 p.m.•37 views

CVE-2024-25892

ChurchCRM 5.5.0 ConfirmReport.php is vulnerable to Blind SQL Injection (Time-based) via the familyId GET parameter.

8.1CVSS8AI score0.0028EPSS

cve•added 2024/02/21 6:15 p.m.•32 views

CVE-2024-25893

ChurchCRM 5.5.0 FRCertificates.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter.

9.1CVSS8AI score0.00184EPSS

cve•added 2024/02/21 6:15 p.m.•32 views

CVE-2024-25896

ChurchCRM 5.5.0 EventEditor.php is vulnerable to Blind SQL Injection (Time-based) via the EID POST parameter.

5.3CVSS8AI score0.0019EPSS

cve•added 2024/02/21 6:15 p.m.•31 views

CVE-2024-25894

ChurchCRM 5.5.0 /EventEditor.php is vulnerable to Blind SQL Injection (Time-based) via the EventCount POST parameter.

9.8CVSS8AI score0.0028EPSS

cve•added 2024/02/21 6:15 p.m.•30 views

CVE-2024-25891

ChurchCRM 5.5.0 FRBidSheets.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter.

7.5CVSS8AI score0.00264EPSS

cve•added 2024/02/21 6:15 p.m.•26 views

CVE-2024-25898

A XSS vulnerability was found in the ChurchCRM v.5.5.0 functionality, edit your event, where malicious JS or HTML code can be inserted in the Event Sermon field in EventEditor.php.

6.1CVSS6AI score0.00093EPSS