CVE-2005-2473: SQL Injection
First published: Fri Aug 05 2005(Updated: )
Multiple SQL injection vulnerabilities in ChurchInfo allow remote attackers to execute arbitrary SQL commands via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, (8) DepositSlipID parameter to DepositSlipEditor.php, (9) QueryID parameter to QueryView.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Church Management System | =1.2.2 | |
| Church Management System | =1.1.5 | |
| Church Management System | =1.1.3 | |
| Church Management System | =1.1.2 | |
| Church Management System | =1.2.0 | |
| Church Management System | =1.1.4 | |
| Church Management System | =1.1.6 | |
| Church Management System | =1.1.1 | |
| Church Management System | =1.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/14438
- http://www.osvdb.org/18408
- http://www.osvdb.org/18409
- http://www.osvdb.org/18410
- http://www.osvdb.org/18411
- http://www.osvdb.org/18412
- http://www.osvdb.org/18413
- http://www.osvdb.org/18414
- http://www.osvdb.org/18415
- http://www.osvdb.org/18416
- http://www.osvdb.org/18417
- http://www.osvdb.org/18418
- http://www.osvdb.org/18419
- http://www.osvdb.org/18420
- http://www.osvdb.org/18421
- http://www.osvdb.org/18422
- http://www.osvdb.org/18423
- http://www.osvdb.org/18424
- http://www.osvdb.org/18427
- http://www.osvdb.org/18428
- http://securitytracker.com/id?1014617
- http://secunia.com/advisories/16292
- http://marc.info/?l=bugtraq&m=112291550713546&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21647
Frequently Asked Questions
What is the severity of CVE-2005-2473?
CVE-2005-2473 is classified as a medium severity vulnerability due to its potential for SQL injection attacks.
How do I fix CVE-2005-2473?
To fix CVE-2005-2473, upgrade to a non-vulnerable version of ChurchInfo and implement proper input validation to prevent SQL injection.
Which versions of ChurchInfo are affected by CVE-2005-2473?
CVE-2005-2473 affects ChurchInfo versions 1.1.1 through 1.2.2.
What types of attacks can be performed using CVE-2005-2473?
CVE-2005-2473 allows remote attackers to perform arbitrary SQL commands, potentially leading to data exposure or modification.
Is CVE-2005-2473 a common vulnerability?
While CVE-2005-2473 may not be widely reported today, SQL injection vulnerabilities are a common issue in web applications.
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/severity
- agent/event
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/churchinfo
- canonical/church management system
- version/church management system/1.2.2
- version/church management system/1.1.5
- version/church management system/1.1.3
- version/church management system/1.1.2
- version/church management system/1.2.0
- version/church management system/1.1.4
- version/church management system/1.1.6
- version/church management system/1.1.1
- version/church management system/1.2.1