ChurchCRM Security Vulnerabilities
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the membermonth parameter in /QueryView.php.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2023-08-08
Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the PersonView.php component.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2023-08-08
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the 'value' and 'custom' parameters in /QueryView.php.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2023-08-08
Multiple cross-site scripting (XSS) vulnerabilities were discovered in ChurchCRM v4.5.3 in GroupReports.php via the GroupRole, ReportModel, and OnlyCart parameters.
CVSS Score: 6.1 | EPSS Score: 0.005 | Published: 2023-06-29
A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via OptionManager.php.
CVSS Score: 5.4 | EPSS Score: 0.175 | Published: 2023-05-31
A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score: 5.4 | EPSS Score: 0.15 | Published: 2023-05-31
ChurchCRM v4.5.4 is vulnerable to reflected cross-site scripting (XSS) via an image file.
CVSS Score: 4.8 | EPSS Score: 0.003 | Published: 2023-05-17
The /EditEventTypes.php endpoint in ChurchCRM 4.5.4 is vulnerable to blind SQL injection (time-based) via the EN_tyid POST parameter.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2023-05-04
A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to change any user's password except for the user that is currently logged in.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2023-04-25
A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via NoteEditor.php.
CVSS Score: 5.4 | EPSS Score: 0.126 | Published: 2023-04-25

