VYPR
Unrated severityNVD Advisory· Published Jul 26, 2024· Updated Aug 2, 2024

ChurchCRM SQL Injection Vulnerability

CVE-2024-39304

Description

ChurchCRM is an open-source church management system. Versions of the application prior to 5.9.2 are vulnerable to an authenticated SQL injection due to an improper sanitization of user input. Authentication is required, but no elevated privileges are necessary. This allows attackers to inject SQL statements directly into the database query due to inadequate sanitization of the EID parameter in in a GET request to /GetText.php. Version 5.9.2 patches the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.