Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2005-2473
Last Modified 05 Sep 2008 04:51:51
Published 05 Aug 2005 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2473

Summary

Multiple SQL injection vulnerabilities in ChurchInfo allow remote attackers to execute arbitrary SQL commands via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, (8) DepositSlipID parameter to DepositSlipEditor.php, (9) QueryID parameter to QueryView.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php.

Vulnerable Systems

Application

  • Churchinfo 1.1.1

  • Churchinfo 1.1.2

  • Churchinfo 1.1.3

  • Churchinfo 1.1.4

  • Churchinfo 1.1.5

  • Churchinfo 1.1.6

  • Churchinfo 1.2.0

  • Churchinfo 1.2.1

  • Churchinfo 1.2.2


References

XF - churchinfo-sql-injection(21647)

BID - 14438

OSVDB - 18428

OSVDB - 18427

OSVDB - 18424

OSVDB - 18423

OSVDB - 18422

OSVDB - 18421

OSVDB - 18420

OSVDB - 18419

OSVDB - 18418

OSVDB - 18417

OSVDB - 18416

OSVDB - 18415

OSVDB - 18414

OSVDB - 18413

OSVDB - 18412

OSVDB - 18411

OSVDB - 18410

OSVDB - 18409

OSVDB - 18408

SECTRACK - 1014617

SECUNIA - 16292

BUGTRAQ - 20050801 ChurchInfo Multiple Vulnerabilities


Last Updated: 27 May 2016 10:40:32