CVE-2005-2473: SQL Injection
First published: Fri Aug 05 2005(Updated: )
Multiple SQL injection vulnerabilities in ChurchInfo allow remote attackers to execute arbitrary SQL commands via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, (8) DepositSlipID parameter to DepositSlipEditor.php, (9) QueryID parameter to QueryView.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Church Management System | =1.2.2 | |
| Church Management System | =1.1.5 | |
| Church Management System | =1.1.3 | |
| Church Management System | =1.1.2 | |
| Church Management System | =1.2.0 | |
| Church Management System | =1.1.4 | |
| Church Management System | =1.1.6 | |
| Church Management System | =1.1.1 | |
| Church Management System | =1.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/14438
- http://www.osvdb.org/18408
- http://www.osvdb.org/18409
- http://www.osvdb.org/18410
- http://www.osvdb.org/18411
- http://www.osvdb.org/18412
- http://www.osvdb.org/18413
- http://www.osvdb.org/18414
- http://www.osvdb.org/18415
- http://www.osvdb.org/18416
- http://www.osvdb.org/18417
- http://www.osvdb.org/18418
- http://www.osvdb.org/18419
- http://www.osvdb.org/18420
- http://www.osvdb.org/18421
- http://www.osvdb.org/18422
- http://www.osvdb.org/18423
- http://www.osvdb.org/18424
- http://www.osvdb.org/18427
- http://www.osvdb.org/18428
- http://securitytracker.com/id?1014617
- http://secunia.com/advisories/16292
- http://marc.info/?l=bugtraq&m=112291550713546&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21647
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/severity
- agent/event
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/churchinfo
- canonical/church management system
- version/church management system/1.2.2
- version/church management system/1.1.5
- version/church management system/1.1.3
- version/church management system/1.1.2
- version/church management system/1.2.0
- version/church management system/1.1.4
- version/church management system/1.1.6
- version/church management system/1.1.1
- version/church management system/1.2.1