Vulnerabilities in ChurchCRM
72 results

CVE | Severity | Title | EPSS
CVE-2025-62521 | CRITICAL | ChurchCRM has unauthenticated RCE in its Install Wizard | 4.2%
CVE-2024-39304 | HIGH | ChurchCRM SQL Injection Vulnerability | 3.0%
CVE-2025-1023 | CRITICAL | SQL Injection in ChurchCRM newCountName Parameter via EditEventTypes.php | 2.2%
CVE-2025-68109 | CRITICAL | ChurchCRM vulnerable to RCE with database restore functionality | 1.4%
CVE-2026-39339 | CRITICAL | ChurchCRM has an API Authentication Bypass | 1.4%
CVE-2026-40484 | CRITICAL | ChurchCRM: Authenticated Remote Code Execution via Unrestricted PHP File Write in Database Restore Function | 0.9%
CVE-2026-35573 | CRITICAL | ChurchCRM has a Path traversal leads to RCE | 0.8%
CVE-2026-39337 | CRITICAL | ChurchCRM Affected by Unauthenticated RCE in Install Wizard | 0.7%
CVE-2025-1134 | CRITICAL | SQL Injection in ChurchCRM CurrentFundraiser Parameter via DonatedItemEditor.php | 0.7%
CVE-2025-1135 | CRITICAL | SQL Injection in ChurchCRM CurrentFundraiser Parameter via BatchWinnerEntry.php | 0.7%
CVE-2025-1133 | CRITICAL | SQL Injection in ChurchCRM EID Parameter via EditEventAttendees.php | 0.6%
CVE-2026-42288 | CRITICAL | ChurchCRM: Incomplete fix for CVE-2026-39337: Unauthenticated RCE in Setup Wizard via unsanitized DB_PASSWORD | 0.6%
CVE-2025-1132 | CRITICAL | SQL Injection in ChurchCRM EN_tyid Parameter via EditEventAttendees.php | 0.5%
CVE-2026-40582 | CRITICAL | ChurchCRM: Authentication Bypass in `/api/public/user/login` Allows Bypass of 2FA and Account Lockout | 0.5%
CVE-2025-68112 | CRITICAL | ChurchCRM has SQL injection in EditEventAttendees.php | 0.4%
CVE-2025-68110 | CRITICAL | ChurchCRM discloses database information on error message | 0.4%
CVE-2026-24854 | HIGH | Church CRM has SQL injection in PaddleNumEditor.php | 0.4%
CVE-2025-67751 | HIGH | ChurchCRM has SQL Injection in Event Editor via `EN_tyid` Parameter caused by an Incomplete Fix | 0.3%
CVE-2025-66396 | HIGH | ChurchCRM has SQL Injection in User Editor via `type` Parameter Key | 0.3%
CVE-2026-39318 | HIGH | ChurchCRM has a DDL SQL Injection in GroupPropsFormRowOps.php | 0.3%