CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-2473

Multiple SQL injection vulnerabilities in ChurchInfo allow remote attackers to execute arbitrary SQL commands via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, (8) DepositSlipID parameter to DepositSlipEditor.php, (9) QueryID parameter to QueryView.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.021

EPSS Ranking 83.4%

CVSS Severity

CVSS v2 Score 7.5

References

Products affected by CVE-2005-2473

Churchinfo » Churchinfo » Version: 1.1.1

cpe:2.3:a:churchinfo:churchinfo:1.1.1
Churchinfo » Churchinfo » Version: 1.1.2

cpe:2.3:a:churchinfo:churchinfo:1.1.2
Churchinfo » Churchinfo » Version: 1.1.3

cpe:2.3:a:churchinfo:churchinfo:1.1.3
Churchinfo » Churchinfo » Version: 1.1.4

cpe:2.3:a:churchinfo:churchinfo:1.1.4
Churchinfo » Churchinfo » Version: 1.1.5

cpe:2.3:a:churchinfo:churchinfo:1.1.5
Churchinfo » Churchinfo » Version: 1.1.6

cpe:2.3:a:churchinfo:churchinfo:1.1.6
Churchinfo » Churchinfo » Version: 1.2.0

cpe:2.3:a:churchinfo:churchinfo:1.2.0
Churchinfo » Churchinfo » Version: 1.2.1

cpe:2.3:a:churchinfo:churchinfo:1.2.1
Churchinfo » Churchinfo » Version: 1.2.2

cpe:2.3:a:churchinfo:churchinfo:1.2.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-2473

Products

Pricing

Contact Us