exploitDog

CVE-2023-24684

Опубликовано: 09 фев. 2023

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the EID parameter at GetText.php.

Ссылки

http://churchcrm.io/
Product
https://github.com/ChurchCRM/CRM
Product
https://github.com/blakduk/Advisories/blob/main/ChurchCRM/README.md
Exploit
Third Party Advisory
http://churchcrm.io/
Product
https://github.com/ChurchCRM/CRM
Product
https://github.com/blakduk/Advisories/blob/main/ChurchCRM/README.md
Exploit
Third Party Advisory
https://github.com/ChurchCRM/CRM/issues/6440

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:churchcrm:churchcrm:*:*:*:*:*:*:*:*

Версия до 4.5.3 (включая)

EPSS

Процентиль: 30%

0.00111

Низкий

7.2 High

CVSS3

Дефекты

CWE-89

CWE-89

Связанные уязвимости

GHSA-fcgr-87fq-q88m

CVSS3: 7.2

github

почти 3 года назад

ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the EID parameter at GetText.php.

EPSS

Процентиль: 30%

0.00111

Низкий

7.2 High

CVSS3

Дефекты

CWE-89

CWE-89