Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2005-2474
Last Modified: 05 Sep 2008 04:51:51
Published: 05 Aug 2005 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2005-2474

Summary

ChurchInfo allows remote attackers to obtain sensitive information via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, an invalid Number parameter to (8) SelectList.php or (9) SelectDelete.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php, which reveal the path in an error message.

Vulnerable Systems

Application

  • Churchinfo 1.1.1

  • Churchinfo 1.1.2

  • Churchinfo 1.1.3

  • Churchinfo 1.1.4

  • Churchinfo 1.1.5

  • Churchinfo 1.1.6

  • Churchinfo 1.2.0

  • Churchinfo 1.2.1

  • Churchinfo 1.2.2


References

XF - churchinfo-path-disclosure(21648)

OSVDB - 18450

OSVDB - 18439

OSVDB - 18438

OSVDB - 18437

OSVDB - 18436

OSVDB - 18435

OSVDB - 18434

OSVDB - 18433

OSVDB - 18432

OSVDB - 18431

OSVDB - 18430

OSVDB - 18429

OSVDB - 18426

OSVDB - 18425

SECTRACK - 1014617

SECUNIA - 16292

BUGTRAQ - 20050801 ChurchInfo Multiple Vulnerabilities


Last Updated: 27 May 2016 10:40:32