Today > 5 Critical | 7 High | 33 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-53438

Nov. 22, 2024, 5:15 p.m.

Tags

cve@mitre.org
2024-11-22
CVE-2024-53438

Product(s) Impacted

ChurchCRM

  • 5.7.0

Description

EventAttendance.php in ChurchCRM 5.7.0 is vulnerable to SQL injection. An attacker can exploit this vulnerability by manipulating the 'Event' parameter, which is directly interpolated into the SQL query without proper sanitization or validation, allowing attackers to execute arbitrary SQL commands.

Weaknesses

Date

Published: Nov. 22, 2024, 5:15 p.m.

Last Modified: Nov. 22, 2024, 5:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

References

https://github.com/ cve@mitre.org