ChurchCRM Security Vulnerabilities
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-08-08
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-08-08
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-08-08
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the membermonth parameter within the /QueryView.php.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-08-08
Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the PersonView.php component.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-08-08
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the 'value' and 'custom' parameters within the /QueryView.php.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-08-08
Multiple cross-site scripting (XSS) vulnerabilities were discovered in Church CRM v4.5.3 in GroupReports.php via GroupRole, ReportModel, and OnlyCart parameters.
CVSS Score
6.1
EPSS Score
0.005
Published
2023-06-29
A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php.
CVSS Score
5.4
EPSS Score
0.175
Published
2023-05-31
A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score
5.4
EPSS Score
0.192
Published
2023-05-31
ChurchCRM v4.5.4 is vulnerable to Reflected Cross-Site Scripting (XSS) via image file.
CVSS Score
4.8
EPSS Score
0.003
Published
2023-05-17

