CVE-2023-38763
Published
CVSS v3
6.5
MEDIUM
CVSS v2
N/A
Affected
2
PROJECTS
Description
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint.
ChurchCRM - A free and open-source Church Management Software (ChMS) to help churches manage their membership data, groups, events, and finances.
GitHubGitHub