MidnightBSD

Advisories for churchinfo

CVE-2005-2473 HIGH

Multiple SQL injection vulnerabilities in ChurchInfo allow remote attackers to execute arbitrary SQL commands via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, (8) DepositSlipID parameter to DepositSlipEditor.php, (9) QueryID parameter to QueryView.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
churchinfo churchinfo 1.2.0
churchinfo churchinfo 1.1.3
churchinfo churchinfo 1.1.5
churchinfo churchinfo 1.1.4
churchinfo churchinfo 1.2.2
churchinfo churchinfo 1.1.2
churchinfo churchinfo 1.1.1
churchinfo churchinfo 1.1.6
churchinfo churchinfo 1.2.1
CVE-2005-2474 MEDIUM

ChurchInfo allows remote attackers to execute obtain sensitive information via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, an invalid Number parameter to (8) SelectList.php or (9) SelectDelete.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php, which reveal the path in an error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
churchinfo churchinfo 1.2.0
churchinfo churchinfo 1.1.3
churchinfo churchinfo 1.1.5
churchinfo churchinfo 1.1.4
churchinfo churchinfo 1.2.2
churchinfo churchinfo 1.1.2
churchinfo churchinfo 1.1.1
churchinfo churchinfo 1.1.6
churchinfo churchinfo 1.2.1