Filtered by vendor Church Management System Project
Subscribe
Filtered by product Church Management System
Subscribe
Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-41406 | 1 Church Management System Project | 1 Church Management System | 2025-05-20 | N/A | 7.2 HIGH |
|
An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
|
|||||
| CVE-2022-45328 | 1 Church Management System Project | 1 Church Management System | 2025-04-24 | N/A | 7.2 HIGH |
|
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_members.php.
|
|||||
| CVE-2022-38605 | 1 Church Management System Project | 1 Church Management System | 2024-11-21 | N/A | 7.2 HIGH |
|
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_event.php.
|
|||||
| CVE-2022-38595 | 1 Church Management System Project | 1 Church Management System | 2024-11-21 | N/A | 7.2 HIGH |
|
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_user.php.
|
|||||
| CVE-2022-38594 | 1 Church Management System Project | 1 Church Management System | 2024-11-21 | N/A | 7.2 HIGH |
|
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_visitor.php.
|
|||||
| CVE-2022-2680 | 1 Church Management System Project | 1 Church Management System | 2024-11-21 | N/A | 6.3 MEDIUM |
|
A vulnerability classified as critical has been found in SourceCodester Church Management System 1.0. Affected is an unknown function of the file /login.php. The manipulation of the argument username with the input ' OR (SELECT 7064 FROM(SELECT COUNT(*),CONCAT(0x71627a7671,(SELECT (ELT(7064=7064,1))),0x716b707871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- jURL leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the publi ...
Show More |
|||||
| CVE-2021-41661 | 1 Church Management System Project | 1 Church Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Church Management System version 1.0 is affected by a SQL anjection vulnerability through creating a user with a PHP file as an avatar image, which is accessible through the /uploads directory. This can lead to RCE on the web server by uploading a PHP webshell.
|
|||||
| CVE-2021-41643 | 1 Church Management System Project | 1 Church Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via the image upload field.
|
|||||