CVE-2005-2474
Description
ChurchInfo allows remote attackers to execute obtain sensitive information via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, an invalid Number parameter to (8) SelectList.php or (9) SelectDelete.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php, which reveal the path in an error message.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10cpe:2.3:a:churchinfo:churchinfo:1.1.1:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:churchinfo:churchinfo:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:churchinfo:churchinfo:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:churchinfo:churchinfo:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:churchinfo:churchinfo:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:churchinfo:churchinfo:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:churchinfo:churchinfo:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:churchinfo:churchinfo:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:churchinfo:churchinfo:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:churchinfo:churchinfo:1.2.2:*:*:*:*:*:*:*
- (no CPE)
Patches
Vulnerability mechanics
References
18- marc.infonvd
- secunia.com/advisories/16292nvd
- securitytracker.com/idnvd
- www.osvdb.org/18425nvd
- www.osvdb.org/18426nvd
- www.osvdb.org/18429nvd
- www.osvdb.org/18430nvd
- www.osvdb.org/18431nvd
- www.osvdb.org/18432nvd
- www.osvdb.org/18433nvd
- www.osvdb.org/18434nvd
- www.osvdb.org/18435nvd
- www.osvdb.org/18436nvd
- www.osvdb.org/18437nvd
- www.osvdb.org/18438nvd
- www.osvdb.org/18439nvd
- www.osvdb.org/18450nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/21648nvd
News mentions
0No linked articles in our index yet.