VYPR

Churchinfo

by Churchinfo

CVEs (3)

  • CVE-2021-43258 · Nov 23, 2022
    risk 0.04 · cvss · epss 0.11

    CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access to the ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment…

  • CVE-2005-2473 · Aug 5, 2005
    risk 0.00 · cvss · epss 0.02

    Multiple SQL injection vulnerabilities in ChurchInfo allow remote attackers to execute arbitrary SQL commands via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6)…

  • CVE-2005-2474 · Aug 5, 2005
    risk 0.00 · cvss · epss 0.02

    ChurchInfo allows remote attackers to obtain sensitive information via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, an…