CVE-2023-38763

Name of the Vulnerable Software and Affected Versions ChurchCRM version 5.0.0

Description A SQL injection issue allows a remote attacker to obtain sensitive information via the FundRaiserID parameter within the "/FundRaiserEditor.php" endpoint.

Recommendations For ChurchCRM version 5.0.0, as a temporary workaround, consider restricting access to the "/FundRaiserEditor.php" endpoint until a patch is available. Avoid using the FundRaiserID parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.