CVE-2005-2474

ChurchInfo allows remote attackers to execute obtain sensitive information via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, an invalid Number parameter to (8) SelectList.php or (9) SelectDelete.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php, which reveal the path in an error message.

Affected Software

Name	Vendor	Start Version	End Version
Churchinfo	Churchinfo	1.1.1 (including)	1.1.1 (including)
Churchinfo	Churchinfo	1.1.2 (including)	1.1.2 (including)
Churchinfo	Churchinfo	1.1.3 (including)	1.1.3 (including)
Churchinfo	Churchinfo	1.1.4 (including)	1.1.4 (including)
Churchinfo	Churchinfo	1.1.5 (including)	1.1.5 (including)
Churchinfo	Churchinfo	1.1.6 (including)	1.1.6 (including)
Churchinfo	Churchinfo	1.2.0 (including)	1.2.0 (including)
Churchinfo	Churchinfo	1.2.1 (including)	1.2.1 (including)
Churchinfo	Churchinfo	1.2.2 (including)	1.2.2 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-2474
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References