CVE Vulnerabilities

CVE-2005-2474

Published: Aug 05, 2005 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

ChurchInfo allows remote attackers to execute obtain sensitive information via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, an invalid Number parameter to (8) SelectList.php or (9) SelectDelete.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php, which reveal the path in an error message.

Affected Software

Name Vendor Start Version End Version
Churchinfo Churchinfo 1.1.1 (including) 1.1.1 (including)
Churchinfo Churchinfo 1.1.2 (including) 1.1.2 (including)
Churchinfo Churchinfo 1.1.3 (including) 1.1.3 (including)
Churchinfo Churchinfo 1.1.4 (including) 1.1.4 (including)
Churchinfo Churchinfo 1.1.5 (including) 1.1.5 (including)
Churchinfo Churchinfo 1.1.6 (including) 1.1.6 (including)
Churchinfo Churchinfo 1.2.0 (including) 1.2.0 (including)
Churchinfo Churchinfo 1.2.1 (including) 1.2.1 (including)
Churchinfo Churchinfo 1.2.2 (including) 1.2.2 (including)

References