← volver
CVE-2021-41965

CVE-2021-41965

EPSS 1.1%
A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated attacker to issue an arbitrary SQL command to the database through the unsanitized EN_tyid, theID and EID fields used when an Edit action on an existing record is being performed.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://churchcrm.io/https://www.alexbilz.com/post/2022-05-14-cve-2021-41965/