Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Church Management System Project Security Vulnerabilities

cve
cve

CVE-2021-41643

Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via the image upload field.

9.8CVSS

9.6AI Score

0.019EPSS

2021-10-29 05:15 PM
24
cve
cve

CVE-2021-41661

Church Management System version 1.0 is affected by a SQL anjection vulnerability through creating a user with a PHP file as an avatar image, which is accessible through the /uploads directory. This can lead to RCE on the web server by uploading a PHP webshell.

9.8CVSS

9.6AI Score

0.003EPSS

2022-06-13 11:15 PM
47
7
cve
cve

CVE-2022-2680

A vulnerability classified as critical has been found in SourceCodester Church Management System 1.0. Affected is an unknown function of the file /login.php. The manipulation of the argument username with the input ' OR (SELECT 7064 FROM(SELECT COUNT(*),CONCAT(0x71627a7671,(SELECT (ELT(7064=7064,1)...

8.8CVSS

9AI Score

0.001EPSS

2022-08-05 09:15 PM
39
5
cve
cve

CVE-2022-38594

Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_visitor.php.

7.2CVSS

7.2AI Score

0.001EPSS

2022-09-15 02:15 AM
28
6
cve
cve

CVE-2022-38595

Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_user.php.

7.2CVSS

7.2AI Score

0.001EPSS

2022-09-15 02:15 AM
34
4
cve
cve

CVE-2022-38605

Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_event.php.

7.2CVSS

7.2AI Score

0.001EPSS

2022-09-12 09:15 PM
19
3
cve
cve

CVE-2022-41406

An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

7.2CVSS

7.3AI Score

0.001EPSS

2022-10-12 12:15 AM
30
2
cve
cve

CVE-2022-45328

Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_members.php.

7.2CVSS

7.2AI Score

0.001EPSS

2022-11-30 03:15 AM
20
cve
cve

CVE-2024-3537

A vulnerability was found in Campcodes Church Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/admin_user.php. The manipulation of the argument firstname leads to sql injection. The attack may be initiated remotely. The exploit has been...

6.3CVSS

7.3AI Score

0.0004EPSS

2024-04-10 04:15 AM
27
cve
cve

CVE-2024-3541

A vulnerability classified as problematic has been found in Campcodes Church Management System 1.0. This affects an unknown part of the file /admin/admin_user.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit h...

3.5CVSS

6.2AI Score

0.0004EPSS

2024-04-10 06:15 AM
33