CVE-2023-38773

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-38773

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-38773.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-38773

Published

2023-08-08T00:00:00Z

Modified

2026-05-15T04:06:58.899915451Z

Summary

[none]

Details

SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp1 and volopp2 parameters within the /QueryView.php.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/38xxx/CVE-2023-38773.json",
    "cna_assigner": "mitre"
}

References

https://churchcrm.io/
https://demo.churchcrm.io/master
https://github.com/ChurchCRM/CRM/wiki
https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/38xxx/CVE-2023-38773.json
https://nvd.nist.gov/vuln/detail/CVE-2023-38773
https://github.com/0x72303074/CVE-Disclosures

CVE-2023-38773

Affected packages