Описание
ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in endpoint /PaddleNumEditor.php in ChurchCRM prior to version 6.7.2. Any authenticated user, including one with zero assigned permissions, can exploit SQL injection through the PerID parameter. Version 6.7.2 contains a patch for the issue.
EPSS
Процентиль: 7%
0.00028
Низкий
8.8 High
CVSS3
Дефекты
CWE-89
EPSS
Процентиль: 7%
0.00028
Низкий
8.8 High
CVSS3
Дефекты
CWE-89