Multiple SQL injection vulnerabilities in ChurchInfo allow remote attackers to execute arbitrary SQL commands via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, (8) DepositSlipID parameter to DepositSlipEditor.php, (9) QueryID parameter to QueryView.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P
Vendors Products
Churchinfo
  • Churchinfo

Configuration 1 [-]

OR cpe:2.3:a:churchinfo:churchinfo:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:churchinfo:churchinfo:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:churchinfo:churchinfo:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:churchinfo:churchinfo:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:churchinfo:churchinfo:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:churchinfo:churchinfo:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:churchinfo:churchinfo:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:churchinfo:churchinfo:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:churchinfo:churchinfo:1.2.2:*:*:*:*:*:*:*
References
Link Resource
http://marc.info/?l=bugtraq&m=112291550713546&w=2
http://secunia.com/advisories/16292
http://securitytracker.com/id?1014617
http://www.osvdb.org/18408
http://www.osvdb.org/18409
http://www.osvdb.org/18410
http://www.osvdb.org/18411
http://www.osvdb.org/18412
http://www.osvdb.org/18413
http://www.osvdb.org/18414
http://www.osvdb.org/18415
http://www.osvdb.org/18416
http://www.osvdb.org/18417
http://www.osvdb.org/18418
http://www.osvdb.org/18419
http://www.osvdb.org/18420
http://www.osvdb.org/18421
http://www.osvdb.org/18422
http://www.osvdb.org/18423
http://www.osvdb.org/18424
http://www.osvdb.org/18427
http://www.osvdb.org/18428
http://www.securityfocus.com/bid/14438
https://exchange.xforce.ibmcloud.com/vulnerabilities/21647
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-08-05T04:00:00

Updated: 2017-07-10T14:57:01

Reserved: 2005-08-05T00:00:00

Link: CVE-2005-2473

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2005-08-05T04:00:00.000

Modified: 2017-07-11T01:32:52.063

Link: CVE-2005-2473

JSON object: View

cve-icon Redhat Information

No data.

CWE