Vulnerabilities in ChurchCRM

72 results
CVE | Severity | Title | EPSS
CVE-2025-66313 | MEDIUM | ChurchCRM vulnerable to a time-based blind SQL injection via the 1FieldSec parameter | 0.3%
CVE-2026-40480 | HIGH | ChurchCRM has Missing Object-Level Authorization / IDOR in `/api/person/{personId}` | 0.3%
CVE-2026-40485 | MEDIUM | ChurchCRM: Username Enumeration via Differential Response in Public Login API | 0.3%
CVE-2025-66395 | HIGH | SQL Injection in Event List via `WhichType` Parameter | 0.3%
CVE-2025-68400 | CRITICAL | ChurchCRM vulnerable to time-based blind SQL Injection in ConfirmReportEmail.php | 0.3%
CVE-2026-32880 | MEDIUM | ChurchCRM is vulnerable to Stored XSS through JSON handling in SystemSettings.php | 0.3%
CVE-2025-68111 | HIGH | ChurchCRM has SQL Injection in eGive Import Feature | 0.3%
CVE-2025-67877 | HIGH | ChurchCRM SQL Injection Vulnerability | 0.3%
CVE-2026-40482 | HIGH | ChurchCRM has Authenticated SQL Injection in `/api/families/byCheckNumber/{scanString}` | 0.3%
CVE-2026-39342 | CRITICAL | ChurchCRM has a SQL injection searchwhat parameter via QueryView.php | 0.3%
CVE-2026-35574 | HIGH | ChurchCRM has a Stored XSS in Person Profile - Add a Note | 0.3%
CVE-2025-67874 | MEDIUM | ChurchCRM has plaintext password return in response | 0.3%
CVE-2026-35572 | HIGH | SSRF via Referer header in ChurchCRM allows server-side HTTP/HTTPS requests to arbitrary hosts | 0.3%
CVE-2026-39341 | HIGH | SQL injection in ChurchCRM.0 | 0.3%
CVE-2026-39940 | MEDIUM | ChurchCRM has an Open Redirect via the ‘linkBack’ URL Parameter in DonatedItemEditor.php | 0.3%
CVE-2025-1024 | HIGH | Session Hijacking via Reflected Cross-Site Scripting (XSS) in ChurchCRM EditEventAttendees.php EID Parameter | 0.3%
CVE-2026-39941 | MEDIUM | ChurchCRM has an XSS vulnerability | 0.3%
CVE-2026-35576 | HIGH | ChurchCRM has Stored Cross-Site Scripting (XSS) in Person Properties via PrintView.php | 0.3%
CVE-2026-39344 | HIGH | Reflected XSS the login page through the 'username' parameter | 0.3%
CVE-2026-39325 | HIGH | ChurchCRM has a Blind SQL injection in SettingsUser.php | 0.3%