CVE Vulnerabilities

CVE-2005-2473

Published: Aug 05, 2005 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Multiple SQL injection vulnerabilities in ChurchInfo allow remote attackers to execute arbitrary SQL commands via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, (8) DepositSlipID parameter to DepositSlipEditor.php, (9) QueryID parameter to QueryView.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php.

Affected Software

Name Vendor Start Version End Version
Churchinfo Churchinfo 1.1.1 (including) 1.1.1 (including)
Churchinfo Churchinfo 1.1.2 (including) 1.1.2 (including)
Churchinfo Churchinfo 1.1.3 (including) 1.1.3 (including)
Churchinfo Churchinfo 1.1.4 (including) 1.1.4 (including)
Churchinfo Churchinfo 1.1.5 (including) 1.1.5 (including)
Churchinfo Churchinfo 1.1.6 (including) 1.1.6 (including)
Churchinfo Churchinfo 1.2.0 (including) 1.2.0 (including)
Churchinfo Churchinfo 1.2.1 (including) 1.2.1 (including)
Churchinfo Churchinfo 1.2.2 (including) 1.2.2 (including)

References