Submission #671102: ChurchCRM <= 5.18.0 SQL Injection

Title: ChurchCRM <= 5.18.0 SQL Injection
Description: SQL injection vulnerability in ChurchCRM's EditEventAttendees.php (line 60) where the EID parameter is directly concatenated into SQL queries without sanitization or parameterized statements. Any authenticated user can inject arbitrary SQL commands using UNION-based techniques to extract complete database contents including administrative credentials, church member personal information, financial records, and donation data. The vulnerability enables privilege escalation, data manipulation, and potential system takeover through database compromise.
Source: https://github.com/uartu0/advisories/blob/main/churchcrm-sql-injection-2025.md
User: uartu0 (UID 90021)
Submitted: 08/10/2025 05:16 (7 months ago)
Moderated: 18/10/2025 14:53 (10 days later)
Status: Duplicate
VulDB entry: 296272 [ChurchCRM up to 5.13.0 EditEventAttendees EID SQL Injection]
Points: 0
