← back
CVE-2021-41965

CVE-2021-41965

EPSS 1.1%
A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated attacker to issue an arbitrary SQL command to the database through the unsanitized EN_tyid, theID and EID fields used when an Edit action on an existing record is being performed.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://churchcrm.io/https://www.alexbilz.com/post/2022-05-14-cve-2021-41965/