إرسال #671102: ChurchCRM <= 5.18.0 SQL Injectionالمعلومات

عنوانChurchCRM <= 5.18.0 SQL Injection
الوصفSQL injection vulnerability in ChurchCRM's EditEventAttendees.php (line 60) where the EID parameter is directly concatenated into SQL queries without sanitization or parameterized statements. Any authenticated user can inject arbitrary SQL commands using UNION-based techniques to extract complete database contents including administrative credentials, church member personal information, financial records, and donation data. The vulnerability enables privilege escalation, data manipulation, and potential system takeover through database compromise.
المصدر⚠️ https://github.com/uartu0/advisories/blob/main/churchcrm-sql-injection-2025.md
المستخدم
 uartu0 (UID 90021)
ارسال08/10/2025 05:16 AM (6 أشهر منذ)
الاعتدال18/10/2025 02:53 PM (10 days later)
الحالةمكرر
إدخال VulDB296272 [ChurchCRM حتى 5.13.0 EditEventAttendees EID حقن SQL]
النقاط0

التالي نظرة عامة السابق

Do you need the next level of professionalism?

Upgrade your account now!