Unrated severityNVD Advisory· Published Jul 26, 2024· Updated Aug 2, 2024
ChurchCRM SQL Injection Vulnerability
CVE-2024-39304
Description
ChurchCRM is an open-source church management system. Versions of the application prior to 5.9.2 are vulnerable to an authenticated SQL injection due to an improper sanitization of user input. Authentication is required, but no elevated privileges are necessary. This allows attackers to inject SQL statements directly into the database query due to inadequate sanitization of the EID parameter in in a GET request to /GetText.php. Version 5.9.2 patches the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- github.com/ChurchCRM/CRM/commit/e3bd7bfbf33f01148df0ef1acdb0cf2c2b878b08mitrex_refsource_MISC
- github.com/ChurchCRM/CRM/security/advisories/GHSA-2rh6-gr3h-83j9mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.