Vulnerability CVE-2023-24787


Published: 2023-03-23   Modified: 2023-03-24

Description:
ChurchCRM v4.5.3 was discovered to contain a SQL injection vulnerability via the Event parameter at /churchcrm/EventAttendance.php.

See advisories in our WLB2 database:
Topic: Med. ChurchCRM 4.5.1 SQL Injection
Author: Arvandy
Date: 10.04.2023

Type:
CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

References:
https://github.com/ChurchCRM/CRM
https://github.com/arvandy/CVE/blob/main/CVE-2023-24787/CVE-2023-24787.py
https://github.com/arvandy/CVE/blob/main/CVE-2023-24787/CVE-2023-24787.md

Copyright 2024, cxsecurity.com