Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ChurchCRM vulnerable to a time-based blind SQL injection via the 1FieldSec parameter
Vulnerability Description
ChurchCRM is an open-source church management system. In ChurchCRM 6.2.0 and earlier, there is a time-based blind SQL injection in the handling of the 1FieldSec parameter. Injecting SLEEP() causes deterministic server-side delays, proving the value is incorporated into a SQL query without proper parameterization. The issue allows data exfiltration and modification via blind techniques.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
ChurchCRM SQL注入漏洞
Vulnerability Description
ChurchCRM是ChurchCRM开源的一个为教会打造的开源 CRM 系统。 ChurchCRM 6.2.0及之前版本存在SQL注入漏洞,该漏洞源于时间型盲SQL注入,可能导致数据泄露和修改。
CVSS Information
N/A
Vulnerability Type
N/A