PT-2024-35740 · Churchcrm · Churchcrm

P4B3L1T0 · Published 2024-11-22 · Updated 2024-11-27 · CVE-2024-53438

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ChurchCRM version 5.7.0
Description: The issue is a SQL injection in the EventAttendance.php file. The Event parameter is interpolated directly into the SQL query without sanitization or validation, so an attacker who controls it can execute arbitrary SQL commands.
Recommendations: For ChurchCRM version 5.7.0, as a temporary workaround, validate and sanitize the Event parameter to prevent SQL injection. At the time of writing there is no information about a newer version that contains a fix for this vulnerability.
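As an added illustration that is not ChurchCRM's own code: the unsafe interpolation pattern the description refers to, beside the validated and parameterised form the recommendation calls for. The PDO connection, the `event_attend` table and its columns are assumptions made for this example.

```php
<?php
// Constructed illustration, not code from ChurchCRM. The advisory describes the
// Event request parameter being interpolated directly into SQL text; the table
// and column names below are assumptions chosen for this example only.

// Vulnerable pattern (the class of defect the advisory describes): request input
// becomes part of the SQL string, so the database parses whatever the client sent.
function attendanceVulnerable(PDO $pdo, array $request): array
{
    $event = $request['Event'] ?? '';
    $sql = "SELECT person_id FROM event_attend WHERE event_id = $event";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: reject anything that is not a positive integer id, then bind
// the value as a typed query parameter so it can never change the SQL structure.
function attendanceHardened(PDO $pdo, array $request): array
{
    $event = filter_var(
        $request['Event'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($event === false) {
        throw new InvalidArgumentException('Event must be a positive integer id');
    }
    $stmt = $pdo->prepare('SELECT person_id FROM event_attend WHERE event_id = :event');
    $stmt->bindValue(':event', $event, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Self-contained demo on an in-memory SQLite database (PDO sqlite driver assumed).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE event_attend (event_id INTEGER, person_id INTEGER)');
$pdo->exec('INSERT INTO event_attend VALUES (7, 101), (7, 102), (8, 103)');

print_r(attendanceHardened($pdo, ['Event' => '7']));   // attendance for event 7 only

try {
    attendanceHardened($pdo, ['Event' => 'not-a-number']); // rejected before any SQL runs
} catch (InvalidArgumentException $e) {
    echo "rejected: {$e->getMessage()}\n";
}
```

Validation alone is a stopgap; binding the parameter is what removes the injection class, which is why the hardened function does both.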

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-53438
GHSA-GR5X-8J97-QQ23

Affected Products

Churchcrm