7.5
CVE-2005-2473
- EPSS 2.12%
- Veröffentlicht 05.08.2005 04:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginMultiple SQL injection vulnerabilities in ChurchInfo allow remote attackers to execute arbitrary SQL commands via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, (8) DepositSlipID parameter to DepositSlipEditor.php, (9) QueryID parameter to QueryView.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Churchinfo ≫ Churchinfo Version1.1.1
Churchinfo ≫ Churchinfo Version1.1.2
Churchinfo ≫ Churchinfo Version1.1.3
Churchinfo ≫ Churchinfo Version1.1.4
Churchinfo ≫ Churchinfo Version1.1.5
Churchinfo ≫ Churchinfo Version1.1.6
Churchinfo ≫ Churchinfo Version1.2.0
Churchinfo ≫ Churchinfo Version1.2.1
Churchinfo ≫ Churchinfo Version1.2.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.12% | 0.825 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|