CVE-2021-41965 in ChurchCRMinformazioni

Riassunto

di MITRE • 15/05/2022

A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated attacker to issue an arbitrary SQL command to the database through the unsanitized EN_tyid, theID and EID fields used when an Edit action on an existing record is being performed.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Prenotare

04/10/2021

Divulgazione

15/05/2022

Moderazione

accettato

CPE

pronto

EPSS

0.01112

KEV

no

Attività

molto basso

Fonti

Interested in the pricing of exploits?

See the underground prices here!