PT-2023-19735 · Churchcrm · Churchcrm

Blakduk

Publicado

2023-02-09

Atualizado

2025-03-24

CVE-2023-24684

CVSS v3.1

7.2

Alta

Vetor

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ChurchCRM versions 4.5.3 and below

Description The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the EID parameter at the "GetText.php" endpoint.

Recommendations For ChurchCRM versions 4.5.3 and below, update to a version above 4.5.3 to resolve the issue. As a temporary workaround, consider restricting access to the "GetText.php" endpoint to minimize the risk of exploitation. Avoid using the EID parameter in the affected endpoint until the issue is resolved.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2023-24684

Produtos afetados

Churchcrm

PT-2023-19735 · Churchcrm · Churchcrm

CVE-2023-24684

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8