ID CVE-2005-2473
Summary Multiple SQL injection vulnerabilities in ChurchInfo allow remote attackers to execute arbitrary SQL commands via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, (8) DepositSlipID parameter to DepositSlipEditor.php, (9) QueryID parameter to QueryView.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php.
References
Vulnerable Configurations
  • cpe:2.3:a:churchinfo:churchinfo:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:churchinfo:churchinfo:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:churchinfo:churchinfo:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:churchinfo:churchinfo:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:churchinfo:churchinfo:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:churchinfo:churchinfo:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:churchinfo:churchinfo:1.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:churchinfo:churchinfo:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:churchinfo:churchinfo:1.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:churchinfo:churchinfo:1.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:churchinfo:churchinfo:1.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:churchinfo:churchinfo:1.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:churchinfo:churchinfo:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:churchinfo:churchinfo:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:churchinfo:churchinfo:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:churchinfo:churchinfo:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:churchinfo:churchinfo:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:churchinfo:churchinfo:1.2.2:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 14438
bugtraq 20050801 ChurchInfo Multiple Vulnerabilities
osvdb
  • 18408
  • 18409
  • 18410
  • 18411
  • 18412
  • 18413
  • 18414
  • 18415
  • 18416
  • 18417
  • 18418
  • 18419
  • 18420
  • 18421
  • 18422
  • 18423
  • 18424
  • 18427
  • 18428
sectrack 1014617
secunia 16292
xf churchinfo-sql-injection(21647)
Last major update 11-07-2017 - 01:32
Published 05-08-2005 - 04:00
Last modified 11-07-2017 - 01:32
Back to Top