ID CVE-2005-2474
Summary ChurchInfo allows remote attackers to obtain sensitive information via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, an invalid Number parameter to (8) SelectList.php or (9) SelectDelete.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php, which reveal the path in an error message.
References
Vulnerable Configurations
  • cpe:2.3:a:churchinfo:churchinfo:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:churchinfo:churchinfo:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:churchinfo:churchinfo:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:churchinfo:churchinfo:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:churchinfo:churchinfo:1.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:churchinfo:churchinfo:1.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:churchinfo:churchinfo:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:churchinfo:churchinfo:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:churchinfo:churchinfo:1.2.2:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bugtraq 20050801 ChurchInfo Multiple Vulnerabilities
osvdb
  • 18425
  • 18426
  • 18429
  • 18430
  • 18431
  • 18432
  • 18433
  • 18434
  • 18435
  • 18436
  • 18437
  • 18438
  • 18439
  • 18450
sectrack 1014617
secunia 16292
xf churchinfo-path-disclosure(21648)
Last major update 11-07-2017 - 01:32
Published 05-08-2005 - 04:00
Last modified 11-07-2017 - 01:32