CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-2474

ChurchInfo allows remote attackers to execute obtain sensitive information via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, an invalid Number parameter to (8) SelectList.php or (9) SelectDelete.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php, which reveal the path in an error message.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.011

EPSS Ranking 77.0%

CVSS Severity

CVSS v2 Score 5.0

References

Products affected by CVE-2005-2474

Churchinfo » Churchinfo » Version: 1.1.1

cpe:2.3:a:churchinfo:churchinfo:1.1.1
Churchinfo » Churchinfo » Version: 1.1.2

cpe:2.3:a:churchinfo:churchinfo:1.1.2
Churchinfo » Churchinfo » Version: 1.1.3

cpe:2.3:a:churchinfo:churchinfo:1.1.3
Churchinfo » Churchinfo » Version: 1.1.4

cpe:2.3:a:churchinfo:churchinfo:1.1.4
Churchinfo » Churchinfo » Version: 1.1.5

cpe:2.3:a:churchinfo:churchinfo:1.1.5
Churchinfo » Churchinfo » Version: 1.1.6

cpe:2.3:a:churchinfo:churchinfo:1.1.6
Churchinfo » Churchinfo » Version: 1.2.0

cpe:2.3:a:churchinfo:churchinfo:1.2.0
Churchinfo » Churchinfo » Version: 1.2.1

cpe:2.3:a:churchinfo:churchinfo:1.2.1
Churchinfo » Churchinfo » Version: 1.2.2

cpe:2.3:a:churchinfo:churchinfo:1.2.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-2474

Products

Pricing

Contact Us