Search: churchcrm

9 matches found

CVE-2025-1023 (added 2025/02/18 10:15 a.m., 57 views)

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a time-based blind SQL Injection vulnerability in the EditEventTypes functionality. The newCountName parameter is directly concatenated into an SQL query without proper saniti...

CVSS 9.8 | AI score 7.9 | EPSS 0.00147
CVE-2024-25897 (added 2024/02/21 6:15 p.m., 51 views)

ChurchCRM 5.5.0 FRCatalog.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter.

CVSS 9.8 | AI score 8 | EPSS 0.12317
CVE-2024-53438 (added 2024/11/22 5:15 p.m., 50 views)

EventAttendance.php in ChurchCRM 5.7.0 is vulnerable to SQL injection. An attacker can exploit this vulnerability by manipulating the 'Event' parameter, which is directly interpolated into the SQL query without proper sanitization or validation, allowing attackers to execute arbitrary SQL commands.

CVSS 9.8 | AI score 8.2 | EPSS 0.00255
CVE-2025-1133 (added 2025/02/19 9:15 a.m., 49 views)

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based blind SQL Injection vulnerability in the EditEventAttendees functionality. The EID parameter is directly concatenated into an SQL query without proper sanitiza...

CVSS 9.3 | AI score 7.8 | EPSS 0.00075
CVE-2025-1135 (added 2025/02/19 9:15 a.m., 48 views)

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the BatchWinnerEntry functionality. The CurrentFundraiser parameter is directly concatenated into an SQL q...

CVSS 9.3 | AI score 7.5 | EPSS 0.00137
CVE-2025-1132 (added 2025/02/19 9:15 a.m., 47 views)

A time-based blind SQL Injection vulnerability exists in the ChurchCRM 5.13.0 and prior EditEventAttendees.php within the EN_tyid parameter. The parameter is directly inserted into an SQL query without proper sanitization, allowing attackers to inject malicious SQL commands. Please note that the vu...

CVSS 9.3 | AI score 7.4 | EPSS 0.00055
CVE-2025-1134 (added 2025/02/19 9:15 a.m., 46 views)

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the DonatedItemEditor functionality. The CurrentFundraiser parameter is directly concatenated into an SQL q...

CVSS 9.3 | AI score 7.5 | EPSS 0.00137
CVE-2024-25893 (added 2024/02/21 6:15 p.m., 31 views)

ChurchCRM 5.5.0 FRCertificates.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter.

CVSS 9.1 | AI score 8 | EPSS 0.00184
CVE-2024-25894 (added 2024/02/21 6:15 p.m., 30 views)

ChurchCRM 5.5.0 /EventEditor.php is vulnerable to Blind SQL Injection (Time-based) via the EventCount POST parameter.

CVSS 9.8 | AI score 8 | EPSS 0.0028
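Every entry in this list describes the same defect class: a request parameter (CurrentFundraiser, EID, EN_tyid, EventCount, newCountName, Event) spliced directly into SQL text, with the result confirmed through boolean-based or time-based blind behaviour. The block below is an added illustration of that class and its fix; it is not ChurchCRM's code, not its schema, and not an exploit for any CVE above. The in-memory SQLite table, its columns, the sample rows and the function names are all constructed for the example. It places the concatenating lookup beside a parameterized one and runs the minimal boolean-based probe (a true-conditioned versus a false-conditioned variant of the same value) that a tester would use to tell the two apart.

```python
import sqlite3
from typing import Callable, List


def make_db() -> sqlite3.Connection:
    """Constructed sample data; the table and columns are hypothetical, not ChurchCRM's."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE fundraiser_tbl (fr_ID INTEGER PRIMARY KEY, fr_Title TEXT)")
    conn.executemany(
        "INSERT INTO fundraiser_tbl VALUES (?, ?)",
        [(1, "Spring Auction"), (2, "Fall Gala")],
    )
    return conn


def lookup_concat(conn: sqlite3.Connection, current_fundraiser: str) -> List[str]:
    """VULNERABLE pattern: the request value becomes part of the SQL text itself.

    Whatever the caller supplies is parsed as SQL, so '1 OR 1=1' widens the
    WHERE clause and '1 AND 1=2' silences it. That observable difference is
    exactly what a boolean-based blind injection relies on.
    """
    sql = "SELECT fr_Title FROM fundraiser_tbl WHERE fr_ID = " + current_fundraiser
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn: sqlite3.Connection, current_fundraiser: str) -> List[str]:
    """HARDENED pattern: validate the type, then bind the value as a parameter.

    The SQL text is fixed at coding time; the driver transmits the value
    separately, so it can never change the query's structure. The isdigit()
    check is defence in depth: an identifier field should only ever be an
    integer, and rejecting anything else fails closed with a clear error.
    """
    if not current_fundraiser.isdigit():
        raise ValueError("CurrentFundraiser must be a positive integer")
    sql = "SELECT fr_Title FROM fundraiser_tbl WHERE fr_ID = ?"
    return [row[0] for row in conn.execute(sql, (int(current_fundraiser),))]


def differs_under_tautology(lookup: Callable[[str], List[str]], base: str = "1") -> bool:
    """Minimal boolean-based probe.

    Sends the same base value with an always-true and an always-false
    condition appended. A sink that splices input into SQL answers the two
    differently; a sink that binds or rejects the value does not. A rejected
    payload (ValueError here, an HTTP 4xx in a real deployment) counts as
    'not injectable' for this probe.
    """
    try:
        true_case = lookup(base + " AND 1=1")
        false_case = lookup(base + " AND 1=2")
    except ValueError:
        return False
    return true_case != false_case


if __name__ == "__main__":
    db = make_db()
    print("concat, benign      :", lookup_concat(db, "1"))
    print("concat, 1 OR 1=1    :", lookup_concat(db, "1 OR 1=1"))
    print("concat injectable?  :", differs_under_tautology(lambda v: lookup_concat(db, v)))
    print("param  injectable?  :", differs_under_tautology(lambda v: lookup_param(db, v)))
```

The probe is deliberately the boolean-based form rather than the time-based one (SLEEP-style payloads) because it runs offline in milliseconds and its outcome is a deterministic value rather than a timing measurement; the remediation it motivates is the same for both: bind parameters, and validate identifier-typed inputs before they reach the query layer.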