Vulnerability CVE-2023-29842


Published: 2023-05-04

Description:
ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter.

See advisories in our WLB2 database:
Topic: ChurchCRM 4.5.4 SQL Injection (Med.)
Author: Arvandy
Date: 16.10.2023

Type:
CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

References:
https://github.com/ChurchCRM/CRM
https://github.com/arvandy/CVE/blob/main/CVE-2023-29842/CVE-2023-29842.py
https://github.com/arvandy/CVE/blob/main/CVE-2023-29842/CVE-2023-29842.md

Copyright 2024, cxsecurity.com
