Xy20130630

Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 7.1.0 Description ChurchCRM, an open-source church management system, contains a SQL injection issue in the EditEventTypes.php file, accessible to administrators. The `EN tyid` POST parameter is not properly sanitized before being used in a SQL query, potentially allowing an administrator to execute arbitrary SQL commands against the database. Recommendations Update to version 7.1.0 or later.

**Name of the Vulnerable Software and Affected Versions** ChurchCRM versions prior to 6.5.3 **Description** ChurchCRM is an open-source church management system. A SQL injection issue exists in the `src/ListEvents.php` file. The `WhichType` POST parameter is not properly sanitized before being used in SQL queries. This allows an authenticated user to execute arbitrary SQL commands, potentially leading to the exfiltration, modification, or deletion of data, including user credentials and financial information. Any authenticated user, regardless of their privilege level, can execute arbitrary queries on the database. **Recommendations** Update to version 6.5.3 or later.

**Name of the Vulnerable Software and Affected Versions** ChurchCRM versions prior to 6.5.3 **Description** ChurchCRM is an open-source church management system. A SQL injection issue exists in the `src/UserEditor.php` file. When an administrator saves a user’s configuration settings, the keys of the `type` POST parameter array are not properly sanitized before being used in SQL queries. This allows a malicious or compromised administrator account to execute arbitrary SQL commands, including time-based blind SQL injection attacks, to directly interact with the database. The vulnerability is located in the logic that handles saving user-specific configuration settings. The `type` parameter from the POST request is processed as an array, and the key of this array is used in SQL queries without sanitization. This can be used to exfiltrate, modify, or delete data, and potentially lead to further system compromise. The vulnerability requires administrator privileges to exploit. **Recommendations** Update ChurchCRM to version 6.5.3 or later.

**Name of the Vulnerable Software and Affected Versions** ChurchCRM versions prior to 6.5.3 **Description** ChurchCRM is an open-source church management system. A SQL injection issue exists in the `eGive.php` file within the "ReImport" functionality. An authenticated user with finance privileges can execute arbitrary SQL queries by manipulating the `MissingEgive FamID ...` POST parameter. This can lead to unauthorized data access, modification, or deletion within the database. **Recommendations** Update to version 6.5.3 or later.

**Name of the Vulnerable Software and Affected Versions** ChurchCRM versions prior to 6.5.0 **Description** A SQL injection issue exists in the `EventEditor.php` file of ChurchCRM. The `EN tyid` POST parameter, used when creating a new event and selecting an event type, is not properly sanitized. This allows a user with event management permissions (`isAddEvent`) to execute arbitrary SQL queries. **Recommendations** Update to version 6.5.0 or later.

**Name of the Vulnerable Software and Affected Versions** TorrentPier versions up to and including 2.8.8 **Description** TorrentPier, a BitTorrent Public/Private tracker engine, contains an authenticated SQL injection flaw in the moderator control panel, specifically within the `modcp.php` file. A user with moderator permissions can inject malicious SQL code through the `topic id` (`t`) parameter. This allows the execution of arbitrary SQL queries, potentially leading to data disclosure, modification, or deletion. The vulnerable code directly incorporates the `topic id` variable into an SQL query without proper sanitization. Exploitation requires moderator privileges and can be performed using tools like `sqlmap`. The vulnerability is a time-based blind SQL injection. **Recommendations** Versions prior to 2.8.8 should be updated to a newer version that includes the patch available at commit 6a0f6499d89fa5d6e2afa8ee53802a1ad11ece80.