exploitDog

CVE-2023-24685

Опубликовано: 09 фев. 2023

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module.

Ссылки

http://churchcrm.io/
Product
http://packetstormsecurity.com/files/172047/ChurchCRM-4.5.3-SQL-Injection.html
https://github.com/ChurchCRM/CRM/
Product
https://github.com/blakduk/Advisories/blob/main/ChurchCRM/README.md
Exploit
Third Party Advisory
http://churchcrm.io/
Product
http://packetstormsecurity.com/files/172047/ChurchCRM-4.5.3-SQL-Injection.html
https://github.com/ChurchCRM/CRM/
Product
https://github.com/blakduk/Advisories/blob/main/ChurchCRM/README.md
Exploit
Third Party Advisory
https://github.com/ChurchCRM/CRM/issues/6441

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:churchcrm:churchcrm:*:*:*:*:*:*:*:*

Версия до 4.5.3 (включая)

EPSS

Процентиль: 64%

0.00476

Низкий

7.2 High

CVSS3

Дефекты

CWE-89

CWE-89

Связанные уязвимости

GHSA-vqcg-f9xc-jc83

CVSS3: 7.2

github

почти 3 года назад

ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module.

EPSS

Процентиль: 64%

0.00476

Низкий

7.2 High

CVSS3

Дефекты

CWE-89

CWE-89