Shodan
Vulnerabilities
Vulnerable Software
Churchcrm:  >> Churchcrm  Security Vulnerabilities
CVE-2023-38768
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the PropertyID parameter within the /QueryView.php.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-08-08
CVE-2023-38769
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the searchstring and searchwhat parameters within the /QueryView.php.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-08-08
CVE-2023-38770
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the group parameter within the /QueryView.php.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-08-08
CVE-2023-38771
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp parameter within the /QueryView.php.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-08-08
CVE-2023-38773
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp1 and volopp2 parameters within the /QueryView.php.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-08-08
CVE-2023-38760
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-08-08
CVE-2023-38761
Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the systemSettings.php component.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-08-08
CVE-2023-38762
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-08-08
CVE-2023-38763
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-08-08
CVE-2023-38764
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-08-08


Products
Pricing
Contact Us

Shodan ® - All rights reserved