CVE-2024-39304 | ChurchCRM up to 5.9.1 /GetText.php EID sql injection (GHSA-2rh6-gr3h-83j9)

Inserito da Angelo Barbosa | Lug 26, 2024 | CVE

A vulnerability, which was classified as critical, has been found in ChurchCRM up to 5.9.1. Affected by this issue is some unknown functionality of the file /GetText.php. The manipulation of the argument EID leads to sql injection.

This vulnerability is handled as CVE-2024-39304. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-39304 | ChurchCRM up to 5.9.1 /GetText.php EID sql injection (GHSA-2rh6-gr3h-83j9)

Post correlati

CVE-2024-34451 | Ghost up to 5.85.1 Header X-Forwarded-For protection mechanism

CVE-2024-6422 | Pepperl+Fuchs OIT1500-F113-B12-CB up to 2.11.0 Telnet missing authentication (VDE-2024-038)

CVE-2024-43242 | azzaroco Ultimate Membership Pro Plugin up to 12.6 on WordPress deserialization

CVE-2024-4317 | PostgreSQL up to 14.11/15.6/16.2 pg_stats_ext/pg_stats_ext_exprs authorization