CVE-2005-2474
Description
ChurchInfo allows remote attackers to execute obtain sensitive information via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, an invalid Number parameter to (8) SelectList.php or (9) SelectDelete.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php, which reveal the path in an error message.
Affected products
9cpe:2.3:a:churchinfo:churchinfo:1.1.1:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:churchinfo:churchinfo:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:churchinfo:churchinfo:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:churchinfo:churchinfo:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:churchinfo:churchinfo:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:churchinfo:churchinfo:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:churchinfo:churchinfo:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:churchinfo:churchinfo:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:churchinfo:churchinfo:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:churchinfo:churchinfo:1.2.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
18- marc.infonvd
- secunia.com/advisories/16292nvd
- securitytracker.com/idnvd
- www.osvdb.org/18425nvd
- www.osvdb.org/18426nvd
- www.osvdb.org/18429nvd
- www.osvdb.org/18430nvd
- www.osvdb.org/18431nvd
- www.osvdb.org/18432nvd
- www.osvdb.org/18433nvd
- www.osvdb.org/18434nvd
- www.osvdb.org/18435nvd
- www.osvdb.org/18436nvd
- www.osvdb.org/18437nvd
- www.osvdb.org/18438nvd
- www.osvdb.org/18439nvd
- www.osvdb.org/18450nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/21648nvd
News mentions
0No linked articles in our index yet.