SQL Injection Vulnerability in ChurchCRM by ChurchCRM
CVE-2023-38762
7.5 HIGH
What is CVE-2023-38762?
A SQL injection vulnerability in ChurchCRM version 5.0.0 enables remote attackers to gain unauthorized access to sensitive information. By manipulating the friendmonths parameter in the /QueryView.php script, an attacker can execute arbitrary SQL queries, potentially exposing confidential user data. This flaw underscores the importance of input validation and securing web applications against SQL injection attacks.
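The input validation the description calls for, as an added example that is not ChurchCRM's code or its actual fix: the request value is accepted only as a bounded whole number and the query is run as a prepared statement with a bound value. The helper names, the `person_demo` table, the 1 to 120 range, the in-memory SQLite database and the assumption that friendmonths is a count of months are all hypothetical, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: accept friendmonths only as a whole number in a sane range.
// Assumption: the parameter is a count of months (the advisory does not say so).
function parseFriendMonths(mixed $raw): ?int
{
    if (!is_string($raw) || !ctype_digit($raw)) {
        return null; // rejects arrays, signs, spaces, quotes and SQL fragments
    }
    $months = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 120]]);
    return $months === false ? null : $months;
}

// The validated integer never becomes part of the SQL text: the cutoff date is
// computed in PHP and passed to the database as a bound parameter.
function recentFriends(PDO $db, int $months, string $today): array
{
    $cutoff = (new DateTimeImmutable($today))
        ->modify("-{$months} months")
        ->format('Y-m-d');
    $stmt = $db->prepare(
        'SELECT name FROM person_demo WHERE friend_date >= :cutoff ORDER BY name'
    );
    $stmt->execute([':cutoff' => $cutoff]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE person_demo (name TEXT, friend_date TEXT)');
$db->exec("INSERT INTO person_demo VALUES ('Ana', '2023-06-01'), ('Ben', '2021-01-15')");

// Constructed request values: one valid, three that must be refused.
foreach (['6', '6 OR 1=1', '-1', ['6']] as $raw) {
    $months = parseFriendMonths($raw);
    if ($months === null) {
        echo 'rejected: ' . json_encode($raw) . "\n";
        continue;
    }
    $names = recentFriends($db, $months, '2023-08-01');
    echo "months={$months} -> " . implode(', ', $names) . "\n";
}
```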