ChurchCRM 4.5.3 Security Vulnerabilities
A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to edit information for existing people on the site.
CVSS Score: 4.3 | EPSS Score: 0.002 | Published: 2023-04-25
A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to set a person to a user and set that user to be an Administrator.
CVSS Score: 5.3 | EPSS Score: 0.001 | Published: 2023-04-25
The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2023-04-04
A cross-site scripting (XSS) vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field.
CVSS Score: 5.4 | EPSS Score: 0.005 | Published: 2023-03-16
ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the EID parameter at GetText.php.
CVSS Score: 7.2 | EPSS Score: 0.004 | Published: 2023-02-09
ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module.
CVSS Score: 7.2 | EPSS Score: 0.006 | Published: 2023-02-09
An issue in the CSV Import function of ChurchCRM v4.5.3 and below allows attackers to execute arbitrary code via importing a crafted CSV file.
CVSS Score: 4.8 | EPSS Score: 0.005 | Published: 2023-02-09
ChurchCRM 4.5.3 and below was discovered to contain a stored cross-site scripting (XSS) vulnerability at /api/public/register/family.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2023-02-09



Shodan ® - All rights reserved